fixing symlink attack bug present in the application.

fixes bug 1233305 Change-Id: I14a94b3b5cb27e8d6c5848c212b3b88053aa8aca (cherry picked from commit 0805d0a008)
2013-10-01 15:10:22 -07:00 · 2013-10-01 15:10:22 -07:00 · 55cefeac63
parent 59a12fe3cf
commit 55cefeac63
1 changed files with 4 additions and 1 deletions
--- a/etc/trove/api-paste.ini
+++ b/etc/trove/api-paste.ini
@ -19,7 +19,10 @@ auth_host = 127.0.0.1
 auth_port = 35357
 auth_protocol = http
 admin_token = be19c524ddc92109a224
-signing_dir = /tmp/keystone-signing-nova
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the trove process is running as.
+#signing_dir = /var/lib/trove/keystone-signing

 [filter:authorization]
 paste.filter_factory = trove.common.auth:AuthorizationMiddleware.factory