[asterisk-bugs] [Asterisk 0013751]: All Call Recordings are world readable [Security Risk]

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Oct 21 10:11:53 CDT 2008


The following issue has been CLOSED 
====================================================================== 
http://bugs.digium.com/view.php?id=13751 
====================================================================== 
Reported By:                irroot
Assigned To:                Corydon76
====================================================================== 
Project:                    Asterisk
Issue ID:                   13751
Category:                   Applications/app_mixmonitor
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     closed
Asterisk Version:           1.6.0 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2008-10-21 04:15 CDT
Last Modified:              2008-10-21 10:11 CDT
====================================================================== 
Summary:                    All Call Recordings are world readable [Security Risk]
Description: 
As recordings are a sensitive issue and in most cases regulated by law and
in some cases not permitted at all, the recording mechanism needs to be as
secure as possible.

Ideally the file modes should be configurable and there should be a way of
modifying the owner/group [requires the system be run as root] so only
authorised users in a particular group have access to this data.

If the system is not running as root, setting the mode to a mode other than
universal read access should still be considered best practice.

IMHO the default mask should be 0640 at least ...
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-10-21 10:11 Corydon76      Status                   assigned => closed  
2008-10-21 10:11 Corydon76      Resolution               open => fixed       
2008-10-21 10:11 Corydon76      Description Updated                          
======================================================================
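
The request in the description (an explicit mode such as 0640, plus an optional group) can be sketched in C as below. This is an added example, not Asterisk code and not the fix applied in the tracker; `create_recording`, `recording_mode` and `recording_is_exposed` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Asterisk code): create a new recording with an
 * exact mode such as 0640; gid (gid_t)-1 keeps the default group. */
int create_recording(const char *path, mode_t mode, gid_t gid)
{
    /* O_EXCL refuses an existing file or symlink. 0600 keeps everyone else
     * out until group and mode are final; fchmod() ignores the umask. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* Group first (an arbitrary group needs root), then the exact mode. */
    if ((gid != (gid_t)-1 && fchown(fd, (uid_t)-1, gid) != 0) ||
        fchmod(fd, mode & 0777) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Permission bits of path, or -1 if it cannot be examined. */
int recording_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Audit check: 1 if "other" has any access, 0 if not, -1 on error. */
int recording_is_exposed(const char *path)
{
    int m = recording_mode(path);
    return m < 0 ? -1 : (m & S_IRWXO) != 0;
}

int main(int argc, char **argv)
{
    int bad = 0;
    for (int i = 1; i < argc; i++)
        if (recording_is_exposed(argv[i]) == 1) {
            printf("world-accessible: %s\n", argv[i]);
            bad = 1;
        }
    return bad;
}
```

Run with existing recording files as arguments, the program lists those that users outside the owner and group can access and exits non-zero if any are found.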



