[asterisk-bugs] [AsteriskNOW 0013004]: Default install gives root access without password
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu Jul 24 22:37:33 CDT 2008
The following issue has been CLOSED
======================================================================
http://bugs.digium.com/view.php?id=13004
======================================================================
Reported By: kactus
Assigned To: bkruse
======================================================================
Project: AsteriskNOW
Issue ID: 13004
Category: Base OS
Reproducibility: always
Severity: feature
Priority: normal
Status: closed
Resolution: open
Fixed in Version:
======================================================================
Date Submitted: 2008-07-06 20:01 CDT
Last Modified: 2008-07-24 22:37 CDT
======================================================================
Summary: Default install gives root access without password
Description:
Hi everyone, been playing around with asterisk now, one thing I noticed is
that the default install sets the system to boot straight into console
menu. Since this is desirable from the aspect of allowing an end user to
reboot the system if required, it’s understandable.
However from here you can jump straight into the asterisk console running
as root. This allows you to execute system commands (using the !) on the
baseOS to stop and start services, overwrite files, and generally run
amuck.
Creating a folder and checking the permissions confirms that the owner is
root.
Can we see in a future release the ability possibly mimic su behaviour so
that using the ! requires the password or better still run the system in
something akin to a freebsd jail?
I know it probably isn't too high a priority but unfortunately since we
support many clients who "like to tinker" the last thing we would want is
for them to create more work for us. We run an all you can eat, per seat
monthly fee, support model so it being able to lock users out of where they
don't need to be is beneficial.
Thanks - Kactus
======================================================================
----------------------------------------------------------------------
(0090678) bkruse (manager) - 2008-07-24 22:37
http://bugs.digium.com/view.php?id=13004#c90678
----------------------------------------------------------------------
no fix required.
Issue History
Date Modified Username Field Change
======================================================================
2008-07-24 22:37 bkruse Note Added: 0090678
2008-07-24 22:37 bkruse Status assigned => closed
======================================================================
More information about the asterisk-bugs
mailing list