|Summary:||ASTERISK-00934: [patch] app_voicemail context fixed and vmail.cgi suid fix|
|Date Opened:||2004-01-28 13:02:15.000-0600||Date Closed:||2004-09-25 02:49:40|
|Environment:||Attachments:||( 0) asterisk.diff1|
|Description:||The changes to use context in vmail.cg were incomplete. |
The attached patch fixes this:
- app_voicemail create all files and directories as group writable
- vmail.cgi ignores the [zonemessages] section
- uses context to qualify extensions
- create files and directories as group writable
- Makefile creates vm directories group writable and owned by www-data
- no longer install vmail.cgi suid root.
****** STEPS TO REPRODUCE ******
Try to access voicemail via the web interface when your extension is not in the default context.
|Comments:||By: Brian West (bkw918) 2004-02-01 19:38:11.000-0600|
Can you roll this into a patch for 865 to allow us to adjust the perms and have a runtime make/install option to let the person installing asterisk make the choice. I wouldn't mind running asterisk as nobody or who ever my www server is running as. (or asterisk)
By: awrede (awrede) 2004-02-02 11:36:33.000-0600
I just reviewed the patch wrt running asterisk as non-root and I don't think the two issues intersect, ie. my patch would not be different if asterisk runs non-root. The only variable is the group owner of the voicemail directories, which my patch sets in the top-level Makefile to www-data. Once things like that come from a config file, I'll adjust the patch bu hopefully it's commited before then :-)
By: Olle Johansson (oej) 2004-04-06 03:37:25
Message sent on -dev - request for testing.
By: Mark Spencer (markster) 2004-04-26 08:38:12
I merged the vmail.cgi changes, but I just can't bring myself to do the group writable section yet because I don't think we transition properly (i.e. it doesn't do the right thing if you cvs update, make install, and then go at it.