Bug#398467: destar: Fails to write configuration for
/etc/zaptel.conf
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Tue Nov 14 07:43:14 CET 2006
On Mon, Nov 13, 2006 at 05:08:56PM -0500, Alejandro Rios P. wrote:
> Package: destar
> Version: 0.2.0-3
> Severity: important
>
> After choosing the "save all changes" option, the first time destar is
> used, I got this error on the browser:
[ snip ]
> IOError: [Errno 13] Permission denied:
> '/etc/zaptel.conf'
One small note:
zaptel.conf is the configuration file used by ztcfg to apply
configuration to Zaptel devices. It is normally run by root as part of
the zaptel init.d script . On some systems it is set as a "install"
action of most zaptel modules. We saw in a recent bug report (forgot the
number) a little buffer overflow caused by some syntax error. I bet that
this isn't the only one.
Running it does not require any more permissions that Asterisk already
has: write access to /dev/zap/ctl and probably to some other devices
under /dev/zap .
So a simple soltion to this bug may provide a theoretic way for the
Asterisk user (which destar is running under) to gain root. There is a
way around it, but it complicates things.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir at jabber.org
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the Pkg-voip-maintainers
mailing list