freepbx packages - soon
Diego Iastrubni
diego.iastrubni at xorcom.com
Wed Mar 22 16:28:10 UTC 2006
Lionel Elie Mamane wrote:
>On Mon, Mar 20, 2006 at 10:21:51AM +0200, Diego Iastrubni wrote:
>
>>One of the ugliest things is that the package will modify the user
>>www-data and add it to the group "asterisk". This is the only way
>>for users to be able to modify asterisk files from the web. Way
>>ugly, but must be done.
>
>It is above all highly insecure.
>
I know this. I am hoping to hear a better solution.
Just to be clear, this is how freepbx works:
1) User sees information which is pulled out of mysql
2) User modifies information into mysql
3) User presses "ok" -> all the configuration is saved into
/etc/asterisk/*.conf
Stage 3 is the problematic one. This is executed by a php-cli script which
MUST have write access to those files.
There is also another package called Asterisk Recording Interface, which
has direct access to the voicemail files.
Using those GUIs is a risk, but IMHO whoever wants them will get them,
even with all those security holes.
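
An added example, not part of the original message or of freepbx: a Python audit helper that lists the paths a non-owner member of a group can write to, which is the access www-data gains by joining "asterisk". The function names and the temporary tree standing in for /etc/asterisk are constructed for illustration.

```python
import os
import stat
import tempfile


def writable_via_group(root, gid, uid=None):
    """Paths under root that a non-owner member of group `gid` may write to."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permissions on the link itself are not meaningful
            if uid is not None and st.st_uid == uid:
                continue  # owner bits apply to this account, not group bits
            if st.st_gid == gid and st.st_mode & stat.S_IWGRP:
                hits.append(path)
    return sorted(hits)


def demo():
    """Constructed tree standing in for /etc/asterisk; returns flagged names."""
    modes = {"sip.conf": 0o664, "extensions.conf": 0o644, "manager.conf": 0o660}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in modes.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("; constructed sample\n")
            os.chmod(path, mode)
        # The group of the files just created stands in for "asterisk".
        gid = os.lstat(os.path.join(root, "sip.conf")).st_gid
        return [os.path.basename(p) for p in writable_via_group(root, gid)]


if __name__ == "__main__":
    print(demo())
```

On a real system the call would take the configuration directory and the numeric id of the group in question; every path it returns is writable by any process running as a member of that group.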