[asterisk-dev] These fixes ok?
Jeffrey Ollie
jeff at ocjtech.us
Fri Apr 25 08:26:06 CDT 2008
On Fri, Apr 25, 2008 at 7:15 AM, Patrick
<asterisk-list at puzzled.xs4all.nl> wrote:
>
> Yesterday I tried to compile asterisk 1.2.28 on an up-to-date F8 laptop
> and bumped into some issues (http://pastebin.ca/996456). From Tilghman
> in #asterisk-dev I understood that 1.2 will not get any fixes besides
> security.
>
> File: channels/chan_iax2.c on line 1239
> Change: fd = open(s2, O_RDWR | O_CREAT | O_EXCL);
> To: fd = open(s2, O_RDWR | O_CREAT | O_EXCL, 0600);
>
> File: channels/chan_zap.c on line 9389
> Change: myfd = open(argv[4], O_CREAT|O_WRONLY);
> To: myfd = open(argv[4], O_CREAT|O_WRONLY, 0600);
>
> File: apps/app_chanspy.c on line 441
> Change: if ((fd = open(filename, O_CREAT | O_WRONLY, O_TRUNC, 0644))
> To: if ((fd = open(filename, O_CREAT | O_WRONLY, O_TRUNC))
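Review bot: In the apps/app_chanspy.c change, the "To:" line keeps the comma before O_TRUNC, so O_TRUNC is passed as the third (mode) argument of open() instead of being part of the flags, and the 0644 mode from the original line is dropped. As written the file would not be opened with truncation and its permission bits would come from the numeric value of O_TRUNC. Suggest OR-ing the flag in and keeping an explicit mode: `open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0644)`.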
Although they show up on F-8 as compile errors, these are actually
security problems. If you specify O_CREAT as a flag to open you need
to specify the mode or the file may get created with random
permissions.
Jeff
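An added example (not part of the original message and not Asterisk code) that creates a file three ways and reports the permission bits it actually received: mode given as the third argument, O_TRUNC sitting in the mode slot as in the app_chanspy.c "To:" line, and O_TRUNC OR-ed into the flags. The function names, the scratch path under /tmp and the fixed umask of 022 are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a file in a fresh scratch directory (constructed path) with the
 * given flags and mode; return the permission bits it received, -1 on error. */
static int created_perms(int flags, mode_t mode)
{
    char dir[] = "/tmp/open_mode_XXXXXX";
    char path[64];
    struct stat st;
    int fd, perms = -1;

    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof(path), "%s/f", dir);

    mode_t old = umask(022);    /* fixed umask so the result is predictable */
    fd = open(path, flags, mode);
    umask(old);

    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            perms = (int)(st.st_mode & 0777);
        close(fd);
    }
    unlink(path);
    rmdir(dir);
    return perms;
}

/* Mode passed as the third argument, as in the chan_iax2.c change. */
int perms_mode_given(void) { return created_perms(O_RDWR | O_CREAT | O_EXCL, 0600); }

/* O_TRUNC in the mode slot, as in the app_chanspy.c "To:" line. */
int perms_flag_as_mode(void) { return created_perms(O_CREAT | O_WRONLY, (mode_t)O_TRUNC); }

/* O_TRUNC OR-ed into the flags, with the 0644 from the original line as mode. */
int perms_flag_in_flags(void) { return created_perms(O_CREAT | O_WRONLY | O_TRUNC, 0644); }

int main(void)
{
    printf("mode given:          %04o\n", (unsigned)perms_mode_given());
    printf("O_TRUNC as the mode: %04o\n", (unsigned)perms_flag_as_mode());
    printf("O_TRUNC as a flag:   %04o\n", (unsigned)perms_flag_in_flags());
    return 0;
}
```

On x86 Linux O_TRUNC is 01000, so the second case leaves a file with none of the read, write or execute permission bits set.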