[asterisk-bugs] [Asterisk 0011742]: Please merge the ToS/libcap patch to 1.4 branch

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Jan 11 12:15:57 CST 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11742 
====================================================================== 
Reported By:                paravoid
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   11742
Category:                   Core-General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.4.17 
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             01-11-2008 08:50 CST
Last Modified:              01-11-2008 12:15 CST
====================================================================== 
Summary:                    Please merge the ToS/libcap patch to 1.4 branch
Description: 
trunk contains a patch that uses libcap to retain the CAP_NET_ADMIN
capability so that Asterisk can set the ToS IP field even when its
privileges are dropped.

I've backported this patch to 1.4 with success.

The patch is quite small:
 configure.ac                     |    5 +++++
 doc/security.txt                 |    7 +++++++
 include/asterisk/autoconfig.h.in |    6 ++++++
 main/Makefile                    |    3 +++
 main/asterisk.c                  |   31 ++++++++++++++++++++++++++-----
 makeopts.in                      |    3 +++
 6 files changed, 50 insertions(+), 5 deletions(-)

The patch is in trunk for quite some time and is well-tested.

This will allow people that need ToS to be able to drop Asterisk's
privileges, lowering a potential security vulnerability impact.

All the code changes are #ifdef HAS_CAP, so it doesn't affect people who
don't have libcap.
====================================================================== 

---------------------------------------------------------------------- 
 Corydon76 - 01-11-08 12:15  
---------------------------------------------------------------------- 
We only break the rule generally in order to implement a bugfix.  i.e. if
fixing a bug correctly forces us to add a new option to an application,
then we'll add the new option, even though it could be considered a feature
add. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
01-11-08 12:15  Corydon76      Note Added: 0076724                          
======================================================================

More information about the asterisk-bugs mailing list