[asterisk-bugs] [Asterisk 0011742]: Please merge the ToS/libcap patch to 1.4 branch

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Jan 11 10:01:15 CST 2008 

The following issue has been ASSIGNED. 
====================================================================== 
http://bugs.digium.com/view.php?id=11742 
====================================================================== 
Reported By:                paravoid
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   11742
Category:                   Core-General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.4.17 
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             01-11-2008 08:50 CST
Last Modified:              01-11-2008 10:01 CST
====================================================================== 
Summary:                    Please merge the ToS/libcap patch to 1.4 branch
Description: 
trunk contains a patch that uses libcap to retain the CAP_NET_ADMIN
capability so that Asterisk can set the ToS IP field even when its
privileges are dropped.

I've backported this patch to 1.4 with success.

The patch is quite small:
 configure.ac                     |    5 +++++
 doc/security.txt                 |    7 +++++++
 include/asterisk/autoconfig.h.in |    6 ++++++
 main/Makefile                    |    3 +++
 main/asterisk.c                  |   31 ++++++++++++++++++++++++++-----
 makeopts.in                      |    3 +++
 6 files changed, 50 insertions(+), 5 deletions(-)

The patch is in trunk for quite some time and is well-tested.

This will allow people that need ToS to be able to drop Asterisk's
privileges, lowering a potential security vulnerability impact.

All the code changes are #ifdef HAS_CAP, so it doesn't affect people who
don't have libcap.
====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
01-11-08 10:01  file           Status                   new => assigned     
01-11-08 10:01  file           Assigned To               => russell         
======================================================================

More information about the asterisk-bugs mailing list