[Asterisk-Users] Asterisk & sudo from httpd
Tzafrir Cohen
tzafrir at technion.ac.il
Tue Sep 7 01:08:16 MST 2004
On Mon, Sep 06, 2004 at 01:32:19PM -0500, Matthew Boehm wrote:
> thats about the most unsecure thing I've ever seen. there is a reason you
> don't run apache as root and therefore having a script that sudo's is just
> as bad.
>
> try using the manager interface for better security. * shouldn't be running
> as root either if we want to get nitty-gritty about security.
Not exactly. sudo allows you a more fine-grained control than simply
running apache as root. In what I suggested (and I hope that this is
what the original sender meant) apache is only allowed to query the
asterisk process for the version. Any other command-line is rejected. I
can't see any problem with that, except a possible DoS attack. But that
DoS attack will probably be available with any other alternative method.
--
Tzafrir Cohen +---------------------------+
http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend|
mailto:tzafrir at technion.ac.il +---------------------------+
More information about the asterisk-users
mailing list