Bug#304615: vmail.cgi permissions
ms419@freezone.co.uk, 304615@bugs.debian.org
ms419@freezone.co.uk, 304615@bugs.debian.org
Sun, 12 Jun 2005 12:29:41 -0700
I also encountered Michel's problem. To solve it, I made vmail.cgi suid
asterisk & installed perl-suid - as recommended here -
http://voip-info.org/tiki-index.php?page=Asterisk+gui+vmail.cgi
This works for me - I can check my voicemail online
I suppose adding www-data to the asterisk group should work also. I'm
no security expert, so I can't compare the merit of these solutions -
but doesn't adding www-data to the asterisk group mean giving all CGIs
access to asterisk-only data?
At the least, solutions should be discussed in README.Debian
Many thanks for your work on open source telephony!
Jack