Public bug reported:

cdent mentioned this:

<cdent> coreycb: as a somewhat related aside: I think the wsgi script should not be in /usr/bin and the Directory statement should not grant on /usr/bin, but whatever the wsgi script dir is. It is pbr that is in the habit of installing the wsgi script in /usr/bin or /usr/local/bin and that's probably bad. It does seem sensible to limit the access granted to something more minimal than /usr/bin.

For reference: https://httpd.apache.org/docs/2.4/howto/access.html

This affects the nova-placement-api.
https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/nova/tree/debian/nova-placement-api.conf?h=stable/ocata

This affects more than just nova. We should revisit all of our packages that have wsgi scripts.

** Affects: keystone (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: keystone (Ubuntu)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/1674465

Title:
  wsgi scripts shouldn't grant on /usr/bin
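An added example, not part of the bug report or of any Ubuntu package: a small Python audit that flags Apache 2.4 `<Directory>` blocks granting `Require all granted` on a shared binary directory such as /usr/bin, and lists the WSGIScriptAlias targets that rely on that grant. The directory list, both sample configs, the port and the script names are constructed for illustration.

```python
import re

# Assumption: directories considered too broad to grant on for a single WSGI script.
BROAD_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin"}

DIRECTORY_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.I | re.S)
GRANT_RE = re.compile(r'^\s*Require\s+all\s+granted\b', re.I | re.M)
ALIAS_RE = re.compile(r'^\s*WSGIScriptAlias\s+\S+\s+"?([^"\s]+)"?', re.I | re.M)

# Constructed sample: the pattern the bug describes (script and grant both in /usr/bin).
WEAK = """
Listen 8080
<VirtualHost *:8080>
    WSGIScriptAlias / /usr/bin/example-wsgi-app
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
"""

# Constructed sample: script moved to its own directory, grant narrowed to match.
NARROWED = """
Listen 8080
<VirtualHost *:8080>
    WSGIScriptAlias / /usr/lib/example/wsgi/app.wsgi
    <Directory /usr/lib/example/wsgi>
        Require all granted
    </Directory>
</VirtualHost>
"""

def audit(conf):
    """Return [(broad_dir, [wsgi scripts served from it])] for each over-broad grant."""
    # Drop comment lines so a commented-out grant is not reported.
    conf = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    scripts = ALIAS_RE.findall(conf)
    findings = []
    for path, body in DIRECTORY_RE.findall(conf):
        norm = path.rstrip("/") or "/"
        if norm in BROAD_DIRS and GRANT_RE.search(body):
            findings.append((norm, [s for s in scripts if s.startswith(norm + "/")]))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("narrowed", NARROWED)):
        print(name, audit(conf))
```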
