uWSGI stats server listening on all IPs, should be restricted
Bug #1288881 reported by
Sig Sigler
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Barbican |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
If we are going to deploy uWSGI with the stats server enabled by default, it would be best if we restricted it to localhost, rather than having it listen on all IPs.
Changed in barbican: | |
milestone: | none → icehouse-3 |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/78679 /git.openstack. org/cgit/ stackforge/ barbican/ commit/ ?id=c3a41505b7c d95e412db439b7b c66a4a55e3a883
Committed: https:/
Submitter: Jenkins
Branch: master
commit c3a41505b7cd95e 412db439b7bc66a 4a55e3a883
Author: Sig Sigler <email address hidden>
Date: Thu Mar 6 11:29:47 2014 -0600
Barbican uWSGI stats server listen on localhost
The current uWSGI Upstart script starts the stats server listening
on all IPs. In order to reduce the attack surface, this patch modifies
the Upstart script so that the stats server starts listening on
localhost only.
Closes-Bug: #1288881 8b8cbecc4f065b8 a3710310d29
Change-Id: I6141e665433d41