[Asterisk-Dev] Is anyone thinking anymore?
Greg Boehnlein
damin at nacs.net
Fri Jul 30 11:35:54 MST 2004
On Fri, 30 Jul 2004, Kevin Walsh wrote:
> Greg Boehnlein [damin at nacs.net] wrote:
> > However, the coding that was done to prevent buffer overflows, is not off
> > topic, and is just good, proactive thinking. It is important to have in a
> > system that touches the network through multiple protocols and runs as
> > root.
> >
> I'm all for a proactive approach, and the patches in question certainly
> don't do any harm. As you said, they may even do some good in the
> future by helping to block a potential security risk or two.
>
> By the way, you don't have to run Asterisk as root. I run it as
> asterisk:asterisk (uid:gid). I've submitted a patch to the bug tracker
> that allows the "-p" (priority) switch to be used even if you specify
> a non-root UID.
And Mark has added -U (user) and -G (group) patches so that Asterisk
switches UID at startup. I've also submitted patches that are now in CVS
to the rc.redhat.asterisk and rc.debian.asterisk (and BRC is doing
rc.gentoo.asterisk), as well as modified safe_asterisk to be able to pass
through command line arguements. So, the groundwork is layed for asterisk
to run as a non-root user. Someone just needs to decide that this is the
-RIGHT- way to do it and "we" the developers need to update all the
Makefiles, scripts, drivers and such to install as non-root.
Probably the best way to go about it is for someone to open a bug report
that is "Non-Root Asterisk Patches" and everyone can contribute their
patches to that. That way, it can be included in CVS "when it is ready".
However, (IMHO) we need to update the Makefile to support building for a
specific distribution (I.E. make install redhat, or make install debian)
so that we can ensure proper user/group setup and clean install into
SysVInit.
If Mark says "Make it so", I'm onboard to commit resources to making this
a reality. However, I think it would be a bad idea to do BEFORE 1.0 is
released as we are already working on the second release candidate and I
feel it is an inappropriate time to introduce such drastic changes. These
are best suited for a forked development tree.
> You will, of course, have to ensure that the Asterisk user has
> read/write access to any device or other files it needs. I have a
> couple of "chown -R" commands in the Asterisk init.d startup script
> to take care of this just in case the permissions go astray in the
> future. I also ensure that the /dev/zap directory has a mode of 0700
> and is owned by the Asterisk user. That probably doesn't change
> matters, as far as Asterisk is concerned, but it certainly makes me
> feel more comfortable.
Yep. :) No need to run as root. Just opens the system up to potential
vunerability from unaudited code.
--
Vice President of N2Net, a New Age Consulting Service, Inc. Company
http://www.n2net.net Where everything clicks into place!
KP-216-121-ST
More information about the asterisk-dev
mailing list