Summary: ASTERISK-00934: [patch] app_voicemail context fixed and vmail.cgi suid fix
Reporter: awrede (awrede)
Labels:
Date Opened: 2004-01-28 13:02:15.000-0600
Date Closed: 2004-09-25 02:49:40
Versions:
Frequency of
Environment:
Attachments: ( 0) asterisk.diff1
Description: The changes to use context in vmail.cgi were incomplete.
The attached patch fixes this:
- app_voicemail creates all files and directories as group writable
- vmail.cgi ignores the [zonemessages] section
- uses context to qualify extensions
- create files and directories as group writable
- Makefile creates vm directories group writable and owned by www-data
- no longer install vmail.cgi suid root.

****** STEPS TO REPRODUCE ******

Try to access voicemail via the web interface when your extension is not in the default context.
Comments:
By: Brian West (bkw918) 2004-02-01 19:38:11.000-0600

Can you roll this into a patch for 865 to allow us to adjust the perms and have a runtime make/install option to let the person installing asterisk make the choice? I wouldn't mind running asterisk as nobody or whoever my www server is running as (or asterisk).


By: awrede (awrede) 2004-02-02 11:36:33.000-0600

I just reviewed the patch wrt running asterisk as non-root and I don't think the two issues intersect, i.e. my patch would not be different if asterisk runs non-root. The only variable is the group owner of the voicemail directories, which my patch sets in the top-level Makefile to www-data. Once things like that come from a config file, I'll adjust the patch but hopefully it's committed before then :-)

By: Olle Johansson (oej) 2004-04-06 03:37:25

Message sent on -dev - request for testing.

By: Mark Spencer (markster) 2004-04-26 08:38:12

I merged the vmail.cgi changes, but I just can't bring myself to do the group writable section yet because I don't think we transition properly (i.e. it doesn't do the right thing if you cvs update, make install, and then go at it).