Barbican

uWSGI stats server listening on all IPs, should be restricted

Bug #1288881 reported by Sig Sigler on 2014-03-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Barbican	Fix Released	Undecided	Unassigned	Barbican icehouse-3

Bug Description

If we are going to deploy uWSGI with the stats server enabled by default, it would be best if we restricted it to localhost, rather than having it listen on all IPs.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-03-06: Fix merged to barbican (master)

Reviewed: https://review.openstack.org/78679
Committed: https://git.openstack.org/cgit/stackforge/barbican/commit/?id=c3a41505b7cd95e412db439b7bc66a4a55e3a883
Submitter: Jenkins
Branch: master

commit c3a41505b7cd95e412db439b7bc66a4a55e3a883
Author: Sig Sigler <email address hidden>
Date: Thu Mar 6 11:29:47 2014 -0600

Barbican uWSGI stats server listen on localhost

    The current uWSGI Upstart script starts the stats server listening
    on all IPs. In order to reduce the attack surface, this patch modifies
    the Upstart script so that the stats server starts listening on
    localhost only.

Closes-Bug: #1288881
Change-Id: I6141e665433d418b8cbecc4f065b8a3710310d29

Changed in barbican:
status:	New → Fix Committed

John Vrbanac (john.vrbanac) on 2014-03-06

Changed in barbican:
milestone:	none → icehouse-3
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.