[Openstack-security] [openstack/swift] SecurityImpact review request change I1f629987fbc8c59406432faad9cb2bfa34b5eccc

gerrit2 at review.openstack.org
Thu Dec 17 09:35:14 UTC 2015


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/227855

Log:
commit 61c014c4099a931e49892866940e51ae7c75a87d
Author: janonymous <janonymous.codevulture at gmail.com>
Date:   Fri Sep 25 19:13:28 2015 +0530

    Eventlet green threads not released back to pool
    
    Presently, the wsgi server allows persistent connections; hence, even after
    the response is sent to the client, it doesn't close the client socket
    connection.
    Because of this problem, the green thread is not released back to the pool.
    
    In order to close the client socket connection explicitly after the
    response is sent and read successfully by the client, you simply have to
    set keepalive to False when you create a wsgi server.
    Allows closing idle client connections after a period of
    time.
    
    Comments in config files are based on their own keepalive default option
    set to true/false.
    
    e.g.:
    $ time nc localhost 8776/8080
    real 1m0.063s
    
    Added parameters in initial commit that need to be changed as appropriate
    for swift configuration.
    
    DocImpact:
    Added keepalive option (default=False).
    
    SecurityImpact
    Closes-Bug: #1361360
    
    Change-Id: I1f629987fbc8c59406432faad9cb2bfa34b5eccc
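
The resource problem the commit message describes, as an added example that is not code from Swift, eventlet or the patch under review: a bounded worker pool in which an idle persistent connection holds the only worker, compared with closing after the response and with an idle timeout. It assumes OS threads and `socket.socketpair()` as a stand-in for eventlet green threads and real client sockets; `handle` and `second_client_served` are hypothetical names.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed sample request and response for the model.
REQUEST = b"GET /healthcheck HTTP/1.1\r\nHost: localhost\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"

def handle(conn, keepalive, idle_timeout):
    """Serve one connection; the pool worker is held until this returns."""
    conn.settimeout(idle_timeout)  # None: wait forever for the next request
    try:
        while True:
            try:
                data = conn.recv(4096)
            except socket.timeout:
                return "idle-timeout"           # idle client dropped
            if not data:
                return "client-closed"
            conn.sendall(RESPONSE)
            if not keepalive:
                return "closed-after-response"  # worker released at once
    finally:
        conn.close()

def second_client_served(keepalive, idle_timeout=None, pool_size=1, wait=1.0):
    """Client 1 gets its response and then idles without closing.
    Returns True if client 2 is answered within `wait` seconds."""
    pool = ThreadPoolExecutor(max_workers=pool_size)
    c1, s1 = socket.socketpair()
    c2, s2 = socket.socketpair()
    try:
        pool.submit(handle, s1, keepalive, idle_timeout)
        c1.sendall(REQUEST)
        c1.recv(4096)                 # response read; connection left open
        pool.submit(handle, s2, keepalive, idle_timeout)
        c2.sendall(REQUEST)
        c2.settimeout(wait)
        try:
            return c2.recv(4096).startswith(b"HTTP/1.1 200")
        except socket.timeout:
            return False              # no free worker: request starved
    finally:
        c1.close()
        c2.close()
        pool.shutdown(wait=True)

if __name__ == "__main__":
    print("keepalive=True, no timeout:", second_client_served(True))
    print("keepalive=False:", second_client_served(False))
    print("keepalive=True, 0.2s idle timeout:", second_client_served(True, 0.2))
```
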




