[Asterisk-code-review] res_crypto: Don't load non-regular files in keys directory (asterisk[master])
Kevin Harwell
asteriskteam at digium.com
Wed Jul 13 17:46:50 CDT 2022
Attention is currently required from: George Joseph, Philip Prindeville.
Kevin Harwell has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/18533 )
Change subject: res_crypto: Don't load non-regular files in keys directory
......................................................................
Patch Set 13: Code-Review-1
(2 comments)
Patchset:
PS12:
> @George Should I add extra logic to (1) enforce file ownership and permissions for the keys, (2) enf […]
My take would be to perhaps make them optional. Defaulting each to the "safer" selection. While potentially breaking a user's current setup (master only) at least there would be a way for folks to choose what they'd allow/disallow.
File res/res_crypto.c:
https://gerrit.asterisk.org/c/asterisk/+/18533/comment/7963b1c2_1c92013e
PS13, Line 513: if (ent->d_type != DT_REG) {
Would symbolic links even load before? If so then this has the potential to break current user setup, which is potentially fine in master (I think would be better to have as an option).
That said I think this should have a mention in the UPGRADE.txt if left in.
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18533
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ie77e0648f8b0b1c2159fb24662d1989cfd4cc36d
Gerrit-Change-Number: 18533
Gerrit-PatchSet: 13
Gerrit-Owner: Philip Prindeville <philipp at redfish-solutions.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-CC: Joshua Colp <jcolp at sangoma.com>
Gerrit-Attention: George Joseph <gjoseph at digium.com>
Gerrit-Attention: Philip Prindeville <philipp at redfish-solutions.com>
Gerrit-Comment-Date: Wed, 13 Jul 2022 22:46:50 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: Philip Prindeville <philipp at redfish-solutions.com>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220713/16b483f3/attachment.html>
More information about the asterisk-code-review
mailing list