[asterisk-users] Asterisk Server Down

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sun Sep 17 07:50:53 MST 2006


On Sun, Sep 17, 2006 at 10:40:16AM -0400, Steve Totaro wrote:

> >you're right, one should proof, under which user asterisk runs...
> >Besides security reasons, running asterisk as root, doesn't it allow a
> >higher prioritization of asterisk processes?

This is why we let asterisk setuid itself to user asterisk, and don't
let the wrappr script handle that. Asterisk sets scheduling priority
before running setuid/setgid .

> I can see a problem with security issues but is it a bad thing to allow 
> higher priority of the asterisk process?  Not sure that it does anyways, 
> but I don't see how that is a bad thing?

It can help the quality of Audio. On the downside, it means that a 100%
CPU loop in asterisk is a pain to recover from. Security implications:
if someone can inject you one line to the dialpan, they can (under the
right circumstances) get your system stuck very badly . Unless you have
a manager connection availble.

-- 
Tzafrir Cohen         sip:tzafrir at local.xorcom.com
icq#16849755          iax:tzafrir at local.xorcom.com
+972-50-7952406          jabber:tzafrir at jabber.org
tzafrir.cohen at xorcom.com     http://www.xorcom.com


More information about the asterisk-users mailing list