Reviewed: https://review.openstack.org/176071
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=dce0c6922062a700a2de1fee9319421cc7d8288e
Submitter: Jenkins
Branch: master
commit dce0c6922062a700a2de1fee9319421cc7d8288e
Author: Charles Neill <email address hidden>
Date: Tue Apr 21 15:49:20 2015 -0500
Removing signing_dir directive from config
The signing_dir directive defined in barbican-api-paste.ini explicitly
stores Keystone's signing certificates in a known /tmp directory. This
could be exploited by populating the directory with bogus certificates,
potentially allowing a malicious user to generate valid tokens.
Added comment explaining signing_dir, and a reasonable
(commented) default.
Change-Id: I15fda6863e888e3881694ab47a836eee2fb578ee
Closes-Bug: #1446406
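The hazard the commit removes is a certificate cache placed where another local user can pre-create or write into it. Below is an added example, not code from barbican or keystonemiddleware, of the kind of check a deployer can run against whatever signing_dir is configured: the directory must exist, be a real directory owned by the service user, and carry no group or world permission bits. The function names (signing_dir_problems, ensure_private_signing_dir) and the demo directories are assumptions made for this example; the demo constructs its own temporary directories so it runs offline.

```python
"""Sanity-check a signing_dir (PKI token certificate cache) before use.

Added example: not barbican's or keystonemiddleware's code. Demonstrates
why a cache under a shared, world-writable location such as /tmp is unsafe
and what a conservative pre-start check looks like.
"""
import os
import shutil
import stat
import tempfile


def signing_dir_problems(path):
    """Return a list of reasons `path` is unsafe as a signing_dir.

    An empty list means every check passed. Each failing check corresponds to
    a way a second local user could control which certificates end up in the
    cache and therefore which tokens validate.
    """
    problems = []
    if not os.path.lexists(path):
        # A missing directory in a shared location can be pre-created by anyone.
        return ["does not exist (could be pre-created by another user)"]
    if os.path.islink(path):
        problems.append("is a symlink (could point at another user's directory)")
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        problems.append("is not a directory")
    if st.st_uid != os.geteuid():
        problems.append("is not owned by the service user")
    perms = stat.S_IMODE(st.st_mode)
    if perms & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("is group- or world-writable")
    if perms & (stat.S_IRGRP | stat.S_IROTH | stat.S_IXGRP | stat.S_IXOTH):
        problems.append("is group- or world-readable")
    return problems


def ensure_private_signing_dir(path):
    """Create `path` with mode 0700 if absent, then refuse it if unsafe."""
    if not os.path.lexists(path):
        # mkdir fails rather than adopting a directory someone else created first.
        os.mkdir(path, 0o700)
        os.chmod(path, 0o700)  # apply the mode regardless of the process umask
    problems = signing_dir_problems(path)
    if problems:
        raise RuntimeError("refusing signing_dir %s: %s" % (path, "; ".join(problems)))
    return path


def demo():
    """Constructed scenario: one private cache dir, one shared one, one missing."""
    base = tempfile.mkdtemp()
    try:
        private = ensure_private_signing_dir(os.path.join(base, "private"))
        shared = os.path.join(base, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o777)  # constructed: mimics a /tmp-style shared directory
        return {
            "private": signing_dir_problems(private),
            "shared": signing_dir_problems(shared),
            "missing": signing_dir_problems(os.path.join(base, "missing")),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for name, problems in demo().items():
        print("%s: %s" % (name, problems or "ok"))
```

Run the script directly to see the three outcomes; in a deployment, call ensure_private_signing_dir on the configured path at service start and treat any RuntimeError as a configuration error rather than falling back to a shared directory.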