[asterisk-bugs] [Asterisk 0013751]: All Call Recordings are world readable [Security Risk]

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Oct 21 09:08:15 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=13751 
====================================================================== 
Reported By:                irroot
Assigned To:                Corydon76
====================================================================== 
Project:                    Asterisk
Issue ID:                   13751
Category:                   Applications/app_mixmonitor
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.6.0 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-10-21 04:15 CDT
Last Modified:              2008-10-21 09:08 CDT
====================================================================== 
Summary:                    All Call Recordings are world readable [Security
Risk]
Description: 

As recordings are a sensitive issue and in most cases regulated by law and
in some cases not permitted at all, the recording mechanism needs to be as
secure as possible.

Ideally the filemodes should be configurable and there should be a way of
modifying the owner/group [requires the system be run as root] so only
authorised users in a particular group have access to this data.

If the system is not running as root, setting the mode to a mode other than
universal read access should still be considered best practice.

IMHO the default mask should be 0640 at least ...
====================================================================== 

---------------------------------------------------------------------- 
 (0094032) blitzrage (administrator) - 2008-10-21 09:08
 http://bugs.digium.com/view.php?id=13751#c94032 
---------------------------------------------------------------------- 
Tilghman, your thoughts? 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-10-21 09:08 blitzrage      Note Added: 0094032                          
======================================================================
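
Added example, not part of the original report and not Asterisk code: one way
to create a recording file whose final mode is exactly 0640 regardless of the
process umask, with an optional group change, plus a check for world access.
The names create_recording, is_world_accessible and RECORDING_MODE, and the
sample file name, are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define RECORDING_MODE 0640   /* the default suggested in the report */

/* Hypothetical helper: returns an open fd or -1 on error.
 * Pass gid == (gid_t)-1 to leave the group unchanged. */
int create_recording(const char *path, gid_t gid)
{
    /* O_EXCL refuses an existing file or a pre-planted symlink; starting
     * at 0600 means the file is never broader than intended. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* Changing the group needs root or membership in the target group. */
    if (gid != (gid_t)-1 && fchown(fd, (uid_t)-1, gid) != 0)
        goto fail;
    /* fchmod() is not filtered by the umask, so the mode is exact. */
    if (fchmod(fd, RECORDING_MODE) != 0)
        goto fail;
    return fd;
fail:
    close(fd);
    unlink(path);
    return -1;
}

/* 1 if "other" has any permission bit, 0 if none, -1 if stat() fails. */
int is_world_accessible(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & S_IRWXO) ? 1 : 0;
}

int main(void)
{
    const char *path = "example-recording.wav";  /* constructed sample name */
    umask(0);                 /* worst case: umask removes no permissions */
    int fd = create_recording(path, (gid_t)-1);
    if (fd < 0) { perror("create_recording"); return 1; }
    printf("world accessible: %d\n", is_world_accessible(path));
    close(fd);
    unlink(path);
    return 0;
}
```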



