OpenStack Compute (nova)

keystone-signing-nova in tmp

Bug #1177681 reported by glance on 2013-05-08

This bug report is a duplicate of: Bug #1174608: [OSSA 2013-010] Insecure directory creation for signing. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	New	Undecided	Unassigned

etc/nova/api-paste.ini defaults to:
[filter:authtoken]
signing_dir = /tmp/keystone-signing-nova

Thats kinda bad if thats taken by some other dir or maybe a symlink to somewhere...

I would sugest switching to:
/var/lib/nova/keystone-signing

And that is what quantum defaults to.

Tags:

Revision history for this message

glance (glance-acc) wrote on 2013-05-08:

This is spotted on 1:2013.1-0ubuntu2~cloud1

glance (glance-acc) on 2013-05-08

information type:

Public → Private Security

Revision history for this message

Thierry Carrez (ttx) wrote on 2013-05-08:

Once public, always public :) We shall open the duplicate bug any time now.

information type:

Private Security → Public

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.