[Asterisk-Dev] Is anyone thinking anymore?

Kevin Walsh kevin at cursor.biz
Fri Jul 30 10:07:30 MST 2004


Greg Boehnlein [damin at nacs.net] wrote:
> However, the coding that was done to prevent buffer overflows, is not off
> topic, and is just good, proactive thinking. It is important to have in a
> system that touches the network through multiple protocols and runs as
> root.
>
I'm all for a proactive approach, and the patches in question certainly
don't do any harm.  As you said, they may even do some good in the
future by helping to block a potential security risk or two.

By the way, you don't have to run Asterisk as root.  I run it as
asterisk:asterisk (uid:gid).  I've submitted a patch to the bug tracker
that allows the "-p" (priority) switch to be used even if you specify
a non-root UID.

You will, of course, have to ensure that the Asterisk user has
read/write access to any device or other files it needs.  I have a
couple of "chown -R" commands in the Asterisk init.d startup script
to take care of this just in case the permissions go astray in the
future.  I also ensure that the /dev/zap directory has a mode of 0700
and is owned by the Asterisk user.  That probably doesn't change
matters, as far as Asterisk is concerned, but it certainly makes me
feel more comfortable.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
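
The ownership and mode checks described in the message above, as an added shell example that is not part of the original post or the Asterisk project. The function names `check_perms` and `fix_perms` are hypothetical; the user, group, mode and `/dev/zap` path in the usage comment are the ones the post mentions.

```shell
#!/bin/sh
# Added example; check_perms and fix_perms are hypothetical helper names.
# Intended call, using the values from the post:
#   check_perms asterisk asterisk 0700 /dev/zap

# check_perms USER GROUP MODE DIR...
# Read-only audit. Returns 0 only if every DIR has exactly MODE and
# everything in its tree is owned by USER:GROUP; prints each finding.
check_perms() {
    cp_user=$1; cp_group=$2; cp_mode=$3
    shift 3
    cp_rc=0
    for cp_dir in "$@"; do
        if [ ! -d "$cp_dir" ]; then
            echo "MISSING   $cp_dir"; cp_rc=1
            continue
        fi
        # -prune keeps find on DIR itself, so only its own mode is tested.
        if [ -n "$(find "$cp_dir" -prune ! -perm "$cp_mode" -print)" ]; then
            echo "BAD MODE  $cp_dir (want $cp_mode)"; cp_rc=1
        fi
        # DIR and everything beneath it that is not USER:GROUP.
        cp_bad=$(find "$cp_dir" \( ! -user "$cp_user" -o ! -group "$cp_group" \) -print)
        if [ -n "$cp_bad" ]; then
            echo "$cp_bad" | sed 's/^/BAD OWNER /'; cp_rc=1
        fi
    done
    return "$cp_rc"
}

# fix_perms USER GROUP MODE DIR...
# The repair an init script would run before starting the daemon.
# Changing ownership to another user requires root.
fix_perms() {
    fp_user=$1; fp_group=$2; fp_mode=$3
    shift 3
    for fp_dir in "$@"; do
        # -h changes a symlink itself rather than the file it points to.
        chown -hR "$fp_user:$fp_group" "$fp_dir" || return 1
        chmod "$fp_mode" "$fp_dir" || return 1
    done
}
```

Running `check_perms` before `fix_perms` in the init script logs any drift before it is silently corrected.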



