Bug#398467: destar: Fails to write configuration for /etc/zaptel.conf

Tzafrir Cohen tzafrir.cohen at xorcom.com
Tue Nov 14 07:43:14 CET 2006


On Mon, Nov 13, 2006 at 05:08:56PM -0500, Alejandro Rios P. wrote:
> Package: destar
> Version: 0.2.0-3
> Severity: important
> 
> After choosing the "save all changes" option, the first time destar is
> used, I got this error on the browser:

[ snip ]

> IOError: [Errno 13] Permission denied:
> 	'/etc/zaptel.conf'

One small note:

zaptel.conf is the configuration file used by ztcfg to  apply
configuration to Zaptel devices. It is normally run by root as part of
the zaptel init.d script . On some systems it is set as a "install"
action of most zaptel modules. We saw in a recent bug report (forgot the
number) a little buffer overflow caused by some syntax error. I bet that
this isn't the only one.

Running it does not require any more permissions that Asterisk already
has: write access to /dev/zap/ctl and probably to some other devices
under /dev/zap .

So a simple soltion to this bug may provide a theoretic way for the
Asterisk user (which destar is running under) to gain root. There is a
way around it, but it complicates things.

-- 
               Tzafrir Cohen       
icq#16849755                    jabber:tzafrir at jabber.org
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir




More information about the Pkg-voip-maintainers mailing list