|Summary:||ASTERISK-12941: All Call Recordings are world readable [Security Risk]|
|Reporter:||Gregory Hinton Nietsky (irroot)||Labels:|
|Date Opened:||2008-10-21 04:15:04||Date Closed:||2008-10-22 10:25:52|
|Description:||As recordings are a sensitive issue and in most cases regulated by law and in some cases not permited at all the recording mechanisim needs to be as secure as possible.|
Idealy the filemodes should be configrable and there should be a way of modifying the owner/group [requires the system be run as root] so only authorised users in a particular group have access to this data.
if the system is not running as root setting the mode to a mode other than universal read access should still be concidered best practice.
IMHO the default mask should be 0640 at least ...
****** ADDITIONAL INFORMATION ******
ast_writefile(mixmonitor->filename, ext, NULL, oflags, 0, 0644)
|Comments:||By: Leif Madsen (lmadsen) 2008-10-21 09:08:15|
Tilghman, your thoughts?
By: Tilghman Lesher (tilghman) 2008-10-21 10:07:20
He's correct that we should change the filemode, but it should be changed to 0666, which allows the umask to take full effect. Our advice to administrators who want to limit the readability of files has always been to set the umask at startup time.
By: Tilghman Lesher (tilghman) 2008-10-21 10:11:52
Fixed in revision 151371.