wsgi scripts shouldn't grant on /usr/bin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystone (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
nova (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
cdent mentioned this:
<cdent> coreycb: as a somewhat related aside: I think the wsgi script should not be in /usr/bin and the Directory statement should not grant on /usr/bin, but whatever the wsgi script dir is. It is pbr that is in the habit of installing the wsgi script in /usr/bin or /usr/local/bin and that's probably bad.
It does seems sensible to limit the access granted to something more minimal than /usr/bin.
For reference:
https:/
This affects the nova-placement-api. https:/
This affects more than just nova. We should revisit all of our packages that have wsgi scripts.
Changed in keystone (Ubuntu): | |
status: | New → Confirmed |
Changed in nova (Ubuntu): | |
status: | New → Confirmed |
Changed in nova (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in keystone (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Medium |
Changed in nova (Ubuntu): | |
importance: | Undecided → Medium |