[asterisk-bugs] [Asterisk 0009999]: runasuser/runasgroup used even for -r means reconnecting users must be root

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Aug 31 17:29:48 CDT 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=9999 
====================================================================== 
Reported By:                stuarth
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   9999
Category:                   Core/Configuration
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.4 
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        No 
Request Review:              
====================================================================== 
Date Submitted:             06-18-2007 05:26 CDT
Last Modified:              08-31-2007 17:29 CDT
====================================================================== 
Summary:                    runasuser/runasgroup used even for -r means
reconnecting users must be root
Description: 
When runasuser/runasgroup are configured in asterisk.conf, they are used
whenever Asterisk is started, including when reconnecting to a running
instance. This means that it's not possible to just use filesystem
permissions on asterisk.ctl to restrict access, since without being root
the setuid/setgid calls will fail.

Wrapping the setuid block in main/asterisk.c with "if(!ast_opt_remote) {
... }" would makes things easier.
====================================================================== 

---------------------------------------------------------------------- 
 tzafrir - 08-31-07 17:29  
---------------------------------------------------------------------- 
Took a slightly different approach here: the test here is the same test
applied as in the case of is_child_of_nonroot. Thus I renamed
is_child_of_nonroot to can_drop_privs (reversing its logic to avoid
neegations).

can_drop_privs will now be set by default, and reset in the following
cases:
* A remote console. No use dropping priviliges.
* If we have already dropped privileges, and now we re-exec (through a
restart command). 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-31-07 17:29  tzafrir        Note Added: 0069810                          
======================================================================

More information about the asterisk-bugs mailing list