[Asterisk-Users] Broadvoice asterisk patch
Tom Lahti
tom at tx3.net
Wed Nov 10 14:54:17 MST 2004
At 01:14 PM 11/10/2004, you wrote:
> >the patch is pure c code. it took me 5 mins to read & understand
> >it. is very simple (but useful).
> >Simply that patch (apart from adding some logs, comments
> >and little code formatting) simply caches auth data
> >AND let * manage 403 responses from the server,
> >and this last one perhaps is the issue that
> >was overloading BV .
> >
> >so, just read it (or let someone do for it) and understand
> >that's not a problem :)
>
>If you're joking, :).
>
>If you're serious, go read a primer on security.
>
>Do you patch your kernel the same way?
>
>-Michael
I don't see a security issue with his method.
If you (a) read the entire patch and (b) comprehend fully everything that
it does, then there's nothing to worry about. Fear comes from the unknown,
and if you know everything in the patch, there's nothing to fear.
Understanding kernel patches requires a bit more legerdemain that other
types since you're generally dealing at a very low level with hardware,
filesystems, memory, etc, but the same applies. If you're the type that
can read a kernel patch fully and comprehend it fully, there's no fear left
for what's inside it.
--
Tom
More information about the asterisk-users
mailing list