[Asterisk-Dev] Is anyone thinking anymore?
Kevin Walsh
kevin at cursor.biz
Fri Jul 30 10:07:30 MST 2004
Greg Boehnlein [damin at nacs.net] wrote:
> However, the coding that was done to prevent buffer overflows, is not off
> topic, and is just good, proactive thinking. It is important to have in a
> system that touches the network through multiple protocols and runs as
> root.
>
I'm all for a proactive approach, and the patches in question certainly
don't do any harm. As you said, they may even do some good in the
future by helping to block a potential security risk or two.
By the way, you don't have to run Asterisk as root. I run it as
asterisk:asterisk (uid:gid). I've submitted a patch to the bug tracker
that allows the "-p" (priority) switch to be used even if you specify
a non-root UID.
You will, of course, have to ensure that the Asterisk user has
read/write access to any device or other files it needs. I have a
couple of "chown -R" commands in the Asterisk init.d startup script
to take care of this just in case the permissions go astray in the
future. I also ensure that the /dev/zap directory has a mode of 0700
and is owned by the Asterisk user. That probably doesn't change
matters, as far as Asterisk is concerned, but it certainly makes me
feel more comfortable.
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ kevin at cursor.biz
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
More information about the asterisk-dev
mailing list