| Summary: | ASTERISK-12943: [patch] Set a sane umask inside safe_asterisk | ||
| Reporter: | Gregory Hinton Nietsky (irroot) | Labels: | |
| Date Opened: | 2008-10-21 12:22:08 | Date Closed: | 2008-12-16 13:54:07.000-0600 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) safe-umask.patch | |
| Description: | refer to ASTERISK-12941 recordings and other information will be created world readable this could compromise valuable information. as safe_asterisk is to be safe set a umask by default. | ||
| Comments: | By: Leif Madsen (lmadsen) 2008-10-22 10:26:30 Requesting thoughts from Corydon76 By: Tilghman Lesher (tilghman) 2008-10-22 14:30:46 This would create a change in behavior. The best that I can recommend is a default umask of 022. If you're really concerned about outside access, then you should not have ANY local users on your PBX machine. And in any case, this is already recommended for system administrators to handle, some of whom do not use safe_asterisk at all, so for them, this change would have no effect. By: Gregory Hinton Nietsky (irroot) 2008-10-22 15:25:17 yip 022 will be a good option to maintain status quo and i fully agree with you local users are evil .... unfortunately i have a instance where this has become a nececity i feel having it at least in safe_asterisk will help in some cases where the warnings are not adheerd to. [and you get a warm fuzzy for making a system more secure where the admin dont concider this]. im running 027 as a UMASK and setting the sticky bit on the monitor/fax/voicemail folders i belive safe_asterisk should run asterisk according to best practice and commented to assist the novice user have a better experiance of asterisk overall. By: Digium Subversion (svnbot) 2008-12-16 13:54:06.000-0600 Repository: asterisk Revision: 164798 U trunk/contrib/scripts/safe_asterisk ------------------------------------------------------------------------ r164798 | tilghman | 2008-12-16 13:54:06 -0600 (Tue, 16 Dec 2008) | 4 lines Set up umask as a possible configuration option. (closes issue ASTERISK-12943) Reported by: irroot ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=164798 | ||