[asterisk-bugs] [Asterisk 0015364]: File Permissions On Voicemails Left To Multiple Recipients Incorrect

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Aug 25 16:21:19 CDT 2009


The following issue has been CLOSED 
====================================================================== 
https://issues.asterisk.org/view.php?id=15364 
====================================================================== 
Reported By:                muiz
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   15364
Category:                   Applications/app_voicemail
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     closed
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
Resolution:                 won't fix
Fixed in Version:           
====================================================================== 
Date Submitted:             2009-06-19 17:05 CDT
Last Modified:              2009-08-25 16:21 CDT
====================================================================== 
Summary:                    File Permissions On Voicemails Left To Multiple
Recipients Incorrect
Description: 
It is possible to leave a single voicemail to multiple recipients using
the following syntaz for the VoiceMail command:

exten => s,1,VoiceMail(101&102&103)

This will leave voicemail in the INBOX for extension 101, 102 and 103.
The permissions for the voicemail audio file in 101 are correctly set to
0666. However, for the copies made in 102 and 103 the permissions are
set to 0600. This means that scripts which run under a different user
such as Apache running as apache can not read the file, hence vmail.cgi
fails. 

It looks like the copy of the voicemail is done by copy_message() in
app_voicemail.c and this function does not set the permissions of the
copy.
====================================================================== 

---------------------------------------------------------------------- 
 (0109638) tilghman (administrator) - 2009-08-25 16:21
 https://issues.asterisk.org/view.php?id=15364#c109638 
---------------------------------------------------------------------- 
While this is absolutely true, because of the security implications of
changing the file permissions midway through a release cycle, we decided
not to alter 1.4 in this way.  In 1.6, we do indeed set the permissions to
0666, which will be modified by the process umask.  This is not something
we're likely to change in 1.4 ever, and we'd recommend upgrading to 1.6
anyway.  If you did want to modify your copy of 1.4, understanding that
this change will not be accepted, the function is copy() within main/file.c
that would need the 0600 changed to 0666. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-08-25 16:21 tilghman       Note Added: 0109638                          
2009-08-25 16:21 tilghman       Status                   new => closed       
2009-08-25 16:21 tilghman       Resolution               open => won't fix   
======================================================================




More information about the asterisk-bugs mailing list