reopen 500294
thanks

On Saturday 27 September 2008 16:30, Mark Purcell <[EMAIL PROTECTED]> wrote:
> On Saturday 27 September 2008 10:10:23 Russell Coker wrote:
> > Granting a daemon access to the root home directory is a security
> > problem.
>
> Thanks for your report.
>
> The asterisk daemon isn't granted access to the root home directory.

If the SE Linux policy is to permit access to that file, then asterisk_t needs
unconfined_home_dir_t:dir search access as well as unconfined_home_t:file
rw_file_perms access.

> In fact when run correctly it runs as user asterisk and has no write access
> to the root directory.

Yet the daemon start script creates that file. rm it, restart the daemon, and
observe.

gw:~# rm -f /root/.asterisk_history
gw:~# /etc/init.d/asterisk restart
Stopping Asterisk PBX: asterisk.
Starting Asterisk PBX: asterisk.
gw:~# ls -l /root/.asterisk_history
-rw------- 1 root root 13 2008-09-27 17:13 /root/.asterisk_history
gw:~#

> However if an admin starts asterisk as root and not via init.d/asterisk
> then there is potential that it will write files to the root directory.
> However Debian doesn't recommend this.
>
> If you start asterisk as root then you should run with the -U flag.

Whatever is necessary to make asterisk not create that file is apparently not
being done by the asterisk package in Lenny.

> Upstream run asterisk as root, Debian has run asterisk as user asterisk for
> years..
>
> > Also having random files created in the /root directory is an annoyance.
> > The correct place for .asterisk_history is under /var/lib/asterisk.
>
> We did actually discuss this with an earlier bug report of yours from 2004:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279052

I had forgotten about that one. The issue still isn't fixed, which of the two
bugs would you prefer to keep open?

