| Summary: | ASTERISK-05785: [patch] improve AGI console output | ||
| Reporter: | Kenneth Shumard (kshumard) | Labels: | |
| Date Opened: | 2005-12-05 19:48:54.000-0600 | Date Closed: | 2006-02-01 13:41:30.000-0600 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | Resources/res_agi |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) 20060120__bug5940.diff.txt ( 1) res_agi.7446.patch.txt ( 2) res_agi.r7221.patch.txt | |
| Description: | Test for existence and executability of file before attempting to run it, log a warning and exit if it's nonexistent or permissions prevent it from running. I'm tired of forgetting to `chmod a+x` my scripts and not having asterisk tell me about it. : ) ****** ADDITIONAL INFORMATION ****** Is there a better place to classify this? Is this the best way of doing this? I don't know the low-level C file functions that well, so there could well be a better way of making this happen. | ||
| Comments: | By: Russell Bryant (russell) 2005-12-08 11:09:06.000-0600 My man page for access() says ... "CAVEAT Access() is a potential security hole and should never be used. " I believe you can use stat() to accomplish this. By: Kenneth Shumard (kshumard) 2005-12-12 17:21:12.000-0600 Fine then, stat() it is. : ) There are 1 or 2 other places throughout asterisk that do use access()... is it important to change these? By: Russell Bryant (russell) 2005-12-13 16:17:52.000-0600 I really am not sure about the reasons why access() should not be used. I just happened to see that when I was looking at the man page while looking at your patch. By: Russell Bryant (russell) 2005-12-13 16:23:44.000-0600 The last man page I referred to was on my mac. The man page on my linux box says the following: Using access to check if a user is authorized to e.g. open a file before actually doing so using open(2) creates a security hole, because the user might exploit the short time interval between checking and opening the file to manipulate it. By: Tilghman Lesher (tilghman) 2006-01-05 15:01:13.000-0600 stat(2) is a very expensive operation, which is why we avoid it most of the time. A better approach might be to use errno to explain why the exec failed: ENOENT if the file doesn't exist, and EACCES if the file is not readable (or not executable, due to permissions). By: Tilghman Lesher (tilghman) 2006-01-20 22:44:06.000-0600 Here's a patch implementing something that is so obvious, I hadn't thought of it before: we're an AGI. We have a direct link right back into Asterisk, so let's use it to print a verbose message. That solves the problem that you aren't seeing anything on the console, right? By: Matt O'Gorman (mogorman) 2006-02-01 13:41:07.000-0600 Committed revision 9059. | ||