Bug#304615: vmail.cgi permissions
Sun, 12 Jun 2005 12:29:41 -0700
I also encountered Michel's problem. To solve it, I made vmail.cgi suid
asterisk & installed perl-suid - as recommended here -
This works for me - I can check my voicemail online
I suppose adding www-data to the asterisk group should work also. I'm
no security expert, so I can't compare the merit of these solutions -
but doesn't adding www-data to the asterisk group mean giving all CGIs
access to asterisk-only data?
At the least, solutions should be discussed in README.Debian
Many thanks for your work on open source telephony!