[asterisk-security] SGID on zaptel 1.4.5 and 1.4.6
Nicki de Wet
nicki at astcape.co.za
Sun Dec 9 13:26:32 CST 2007
Tzafrir Cohen wrote:
> On Fri, Dec 07, 2007 at 12:53:21PM +0200, Nicki de Wet wrote:
>
> As soeone who studies for an LPI exam, I would have expected more from
> you:
>
> * What switches of tar would allow this and under what circumstances?
>
>
--preserve which seems to be a default?
> * What security implications (if at all) does it have?
>
>
Nothing really, it just means all files and directories created will
have the same owner as the parent directory, regardless of the user id
creating the file or diretory.
So maybe it is not a security issue, but I just wanted to highlight it,
since it was not the same in zaptel-1.4.0 and zaptel-1.4.3 (don't have
other versions on the system)
:-)
More information about the asterisk-security
mailing list