Bug#279052: asterisk creates file /.asterisk_history on shutdown

Mark Purcell Mark Purcell <msp@debian.org>, 279052@bugs.debian.org
Sat, 6 Nov 2004 13:09:02 +1100 

=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Russell,

The Debian asterisk package which is started from /etc/init.d/asterisk is r=
un=20
as it's own user (asterisk) and thus  should not be able to write anything =
to=20
your root directory. So I don't believe this is an issue with asterisk run=
=20
normally with Debian.

I can however confirm that if asterisk is run as root from the command line=
=20
then it will leave a /.asterisk_history file lying around.  I'll forward=20
upstream for consideration.

Mark


On Sun, 31 Oct 2004 05:17 pm, Russell Coker wrote:
> Package: asterisk
> Version: 1:1.0.1-1
> Severity: normal
>
> A daemon should never create a file in the root directory.  Temporary fil=
es
> such as .asterisk_history can be in /var/lib or /var/run.  Any place other
> than the root directory.
>
> Putting files in the root directory exposes information to untrusted user=
s,
> it causes problems with a read-only root fs system, and it breaks the FHS.
>
> -- System Information:
> Debian Release: 3.1
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.9-se
> Locale: LANG=3DC, LC_CTYPE=3DC (charmap=3DANSI_X3.4-1968)
>
> Versions of packages asterisk depends on:
> ii  asterisk-sounds       1:1.0.1-1          Sound files for asterisk
> ii  libasound2            1.0.6-3            ALSA library
> ii  libc6                 2.3.2.ds1-18       GNU C Library: Shared
> libraries an ii  libedit2              2.9.cvs.20040827-1 BSD editline and
> history libraries ii  libexpat1             1.95.8-1           XML parsing
> C library - runtime li ii  libgcc1               1:3.4.2-3          GCC
> support library
> ii  libglib1.2            1.2.10-9           The GLib library of C routin=
es
> ii  libgsm1               1.0.10-13          Shared libraries for GSM
> speech co ii  libgtk1.2             1.2.10-17          The GIMP Toolkit s=
et
> of widgets fo ii  libncurses5           5.4-4              Shared librari=
es
> for terminal hand ii  libopenh323-1.13.2    1.13.5.4-4         H.323 aka
> VoIP library ii  libpq3                7.4.6-2            Shared library
> libpq.so.3 for Post ii  libpri1               1.0.1-1            Primary
> Rate ISDN specification li ii  libpt-1.6.3           1.6.6.4-5        =20
> Portable Windows Library ii  libspeex1             1.0.rel.4-1        The
> Speex Speech Codec ii  libssl0.9.7           0.9.7d-5           SSL shared
> libraries
> ii  libtonezone1          1:1.0.0-1          tonezone library (runtime)
> ii  libx11-6              4.3.0.dfsg.1-8     X Window System protocol
> client li ii  libxext6              4.3.0.dfsg.1-8     X Window System
> miscellaneous exte ii  libxi6                4.3.0.dfsg.1-8     X Window
> System Input extension li ii  unixodbc              2.2.4-11           OD=
BC
> tools libraries
> ii  xlibs                 4.3.0.dfsg.1-8     X Window System client
> libraries m ii  zlib1g                1:1.2.2-1          compression
> library - runtime
>
> -- no debconf information
>
>
> _______________________________________________
> Pkg-voip-maintainers mailing list
> Pkg-voip-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-voip-maintainers
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBjDI+oCzanz0IthIRAhyWAJ47kWQl/4mGlVxQTuZgV8JGCJryJQCdETPb
KVYoQkSirWsVx2sePaKLIjk=3D
=3D6ao/
=2D----END PGP SIGNATURE-----