Summary: | ASTERISK-11211: Please merge the ToS/libcap patch to 1.4 branch | ||
Reporter: | Faidon Liambotis (paravoid) | Labels: | |
Date Opened: | 2008-01-11 08:50:16.000-0600 | Date Closed: | 2008-01-11 12:24:26.000-0600 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) libcap.diff | |
Description: | trunk contains a patch that uses libcap to retain the CAP_NET_ADMIN capability so that Asterisk can set the ToS IP field even when its privileges are dropped. I've backported this patch to 1.4 with success. The patch is quite small: configure.ac | 5 +++++ doc/security.txt | 7 +++++++ include/asterisk/autoconfig.h.in | 6 ++++++ main/Makefile | 3 +++ main/asterisk.c | 31 ++++++++++++++++++++++++++----- makeopts.in | 3 +++ 6 files changed, 50 insertions(+), 5 deletions(-) The patch is in trunk for quite some time and is well-tested. This will allow people that need ToS to be able to drop Asterisk's privileges, lowering a potential security vulnerability impact. All the code changes are #ifdef HAS_CAP, so it doesn't affect people who don't have libcap. | ||
Comments: | By: Olle Johansson (oej) 2008-01-11 08:57:15.000-0600 We never port new functionality to a released version of asterisk. And besides, this is a bug tracker, not a feature request tracker ;-) By: Faidon Liambotis (paravoid) 2008-01-11 09:03:20.000-0600 Your policy of not porting new functionality has been broken before and I figured that this is minor enough code-wise and important enough because of the security impact. I asked russellb on IRC about it a few days ago who prompted me to file a bug here. I am aware of what this is. By: Tilghman Lesher (tilghman) 2008-01-11 12:15:57.000-0600 We only break the rule generally in order to implement a bugfix. i.e. if fixing a bug correctly forces us to add a new option to an application, then we'll add the new option, even though it could be considered a feature add. By: Digium Subversion (svnbot) 2008-01-11 12:23:38.000-0600 Repository: asterisk Revision: 98265 U branches/1.4/configure U branches/1.4/configure.ac U branches/1.4/doc/security.txt U branches/1.4/include/asterisk/autoconfig.h.in U branches/1.4/main/Makefile U branches/1.4/main/asterisk.c U branches/1.4/makeopts.in ------------------------------------------------------------------------ r98265 | russell | 2008-01-11 12:23:37 -0600 (Fri, 11 Jan 2008) | 11 lines Backport the ability to set the ToS bits on Linux when not running as root. Normally, we would not backport features into 1.4, but, I was convinced by the justification supplied by the supplier of this patch. He pointed out that this patch removes a requirement for running as root, thus reducing the potential impacts of security issues. (closes issue ASTERISK-11211) Reported by: paravoid Patches: libcap.diff uploaded by paravoid (license 200) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=98265 By: Digium Subversion (svnbot) 2008-01-11 12:24:26.000-0600 Repository: asterisk Revision: 98267 _U trunk/ ------------------------------------------------------------------------ r98267 | russell | 2008-01-11 12:24:25 -0600 (Fri, 11 Jan 2008) | 18 lines Blocked revisions 98265 via svnmerge ........ r98265 | russell | 2008-01-11 12:25:30 -0600 (Fri, 11 Jan 2008) | 11 lines Backport the ability to set the ToS bits on Linux when not running as root. Normally, we would not backport features into 1.4, but, I was convinced by the justification supplied by the supplier of this patch. He pointed out that this patch removes a requirement for running as root, thus reducing the potential impacts of security issues. (closes issue ASTERISK-11211) Reported by: paravoid Patches: libcap.diff uploaded by paravoid (license 200) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=98267 |