[asterisk-users] Unable to load users.conf
Rizha Yuherdianto
rizha.yuherdianto at gmail.com
Thu Oct 18 01:56:59 CDT 2012
> If you meant the user running Asterisk is root, this is a less than
>> optimal
>> situation that can lead to really big problems.
>>
>> Why? Steve please explain.
>>
>
> Well, if an attacker manages to inject some code and Asterisk is running
> as root, poof goes your system or you get an astronomical bill from your
> trunk provider.
>
> Likewise with file permissions. Suppose you're trying to get something
> working and you suspect it's a permissions issue so you chmod a bunch of
> stuff to 777.
>
> Then suppose a local user with a grudge does something like this:
>
> echo '#exec rm --farce --recursive /*'\
> >>/etc/asterisk/extensions-**local.conf
>
> (or whatever your package names one of it's 'include' files.)
>
> The next time Asterisk reloads the dialplan, poof.
>
>
any link for me so i can learn more about security practices with asterisk?
i'm using a public ip.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20121018/43057b29/attachment.htm>
More information about the asterisk-users
mailing list