[asterisk-dev] AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

Kevin P. Fleming kpfleming at digium.com
Fri Nov 9 06:51:50 CST 2007


Tzafrir Cohen wrote:

> Hence chances are you'll need to use sudo in such a scenario, with your
> own script. And won't allow the user to just pass an arbitrary interface
> name.

In addition, the Zaptel installation process does not install (and never
has installed) 'sethdlc' as setuid-root, so if the user chooses to do that,
they must be aware of the possibility of it being used improperly,
whether it has bugs or not. It has never been a tool intended for
'regular user' use; it is for system configuration.

-- 
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)


