Summary:ASTERISK-12943: [patch] Set a sane umask inside safe_asterisk
Reporter:Gregory Hinton Nietsky (irroot)Labels:
Date Opened:2008-10-21 12:22:08Date Closed:2008-12-16 13:54:07.000-0600
Versions:Frequency of
Environment:Attachments:( 0) safe-umask.patch
refer to ASTERISK-12941

recordings and other information will be created world readable this could compromise valuable information.

as safe_asterisk is to be safe set a umask by default.
Comments:By: Leif Madsen (lmadsen) 2008-10-22 10:26:30

Requesting thoughts from Corydon76

By: Tilghman Lesher (tilghman) 2008-10-22 14:30:46

This would create a change in behavior.  The best that I can recommend is a default umask of 022.  If you're really concerned about outside access, then you should not have ANY local users on your PBX machine.  And in any case, this is already recommended for system administrators to handle, some of whom do not use safe_asterisk at all, so for them, this change would have no effect.

By: Gregory Hinton Nietsky (irroot) 2008-10-22 15:25:17

yip 022 will be a good option to maintain status quo

and i fully agree with you local users are evil ....

unfortunately i have a instance where this has become a nececity

i feel having it at least in safe_asterisk will help in some cases where the warnings are not adheerd to. [and you get a warm fuzzy for making a system more secure where the admin dont concider this].

im running 027 as a UMASK and setting the sticky bit on the monitor/fax/voicemail folders

i belive safe_asterisk should run asterisk according to best practice and commented to assist the novice user have a better experiance of asterisk overall.

By: Digium Subversion (svnbot) 2008-12-16 13:54:06.000-0600

Repository: asterisk
Revision: 164798

U   trunk/contrib/scripts/safe_asterisk

r164798 | tilghman | 2008-12-16 13:54:06 -0600 (Tue, 16 Dec 2008) | 4 lines

Set up umask as a possible configuration option.
(closes issue ASTERISK-12943)
Reported by: irroot