[asterisk-bugs] [Asterisk 0015101]: [patch] SIP allowguest defaults to yes with 'make samples'
Asterisk Bug Tracker
noreply at bugs.digium.com
Sun Sep 20 23:21:51 CDT 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=15101
======================================================================
Reported By: alecdavis
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 15101
Category: Core/Configuration
Reproducibility: always
Severity: minor
Priority: normal
Status: feedback
Asterisk Version: SVN
JIRA:
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!): 192214
Request Review:
======================================================================
Date Submitted: 2009-05-13 17:20 CDT
Last Modified: 2009-09-20 23:21 CDT
======================================================================
Summary: [patch] SIP allowguest defaults to yes with 'make
samples'
Description:
Proposal to change sip.conf.sample and extensions.conf.sample
So that new a install has sip.conf has allowguest=no in the [general]
section
and extensions.conf to have a warning in the [default] section that
sip.conf may have allowguest=yes or the default of yes.
======================================================================
----------------------------------------------------------------------
(0111056) tilghman (administrator) - 2009-09-20 23:21
https://issues.asterisk.org/view.php?id=15101#c111056
----------------------------------------------------------------------
Out of the box, Apache doesn't allow one to access /etc/passwd, either, and
Asterisk sample configurations don't allow you to make free outbound
calls.
However, once the configuration has been altered, Apache will let you
access /etc/passwd, firewalls will let you pass all data, mail servers will
let spam pass, and MySQL will allow connections from anywhere.
We aren't responsible for what people might do with their Asterisk
servers, only that the _default_ configuration is safe. Guest access is
perfectly safe, as long as people don't _change_ the sample configuration
to make it unsafe. A warning in the appropriate place is fine to ward that
off.
If you want to change this, then you need to send an email to the
asterisk-dev list, detailing your proposed change to the defaults, and an
appropriate decision can be made by discussion. The bugtracker is never
the proper forum for these discussions.
Issue History
Date Modified Username Field Change
======================================================================
2009-09-20 23:21 tilghman Note Added: 0111056
======================================================================
More information about the asterisk-bugs
mailing list