Bug#304615: vmail.cgi permissions

ms419@freezone.co.uk, 304615@bugs.debian.org ms419@freezone.co.uk, 304615@bugs.debian.org
Sun, 12 Jun 2005 12:29:41 -0700

I also encountered Michel's problem. To solve it, I made vmail.cgi suid 
asterisk & installed perl-suid - as recommended here - 

This works for me - I can check my voicemail online

I suppose adding www-data to the asterisk group should work also. I'm 
no security expert, so I can't compare the merit of these solutions - 
but doesn't adding www-data to the asterisk group mean giving all CGIs 
access to asterisk-only data?

At the least, solutions should be discussed in README.Debian

Many thanks for your work on open source telephony!