Bug#1085831: Asterisk security update drops supplementary group permissions

Dara Adib daradib at ocf.berkeley.edu
Tue Oct 22 19:32:33 BST 2024


Package: asterisk
Version: 1:16.28.0~dfsg-0+deb11u5
Severity: important
Tags: security
X-Debbugs-Cc: Thorsten Alteholz <debian at alteholz.de>, Niels Galjaard
<galjaardniels at gmail.com>

In the latest bullseye security update (thank you for maintaining!),
which was backported from unstable and experimental, the "-G asterisk"
argument was added to ExecStart in the systemd unit file. This
hardcodes asterisk as the group to run the daemon, in order to prevent
the group from being changed in asterisk configuration to escalate
permissions.

However, this also drops any supplementary groups that the asterisk
user may have been added to. If the asterisk user was added to the
ssl-cert group to read TLS certificate keys, it now fails to load
them.

The file main/asterisk.c contains setgroups(0, NULL) which drops
supplementary groups:

    if (isroot && rungroup) {
        [...]
        if (setgid(gr->gr_gid)) {
            [...]
        }
        if (setgroups(0, NULL)) {
            [...]
        }
    }

I believe the following systemd unit configuration should limit the
group without dropping supplementary groups:

ExecStart=/usr/sbin/asterisk -g -f -p -U asterisk
Group=asterisk

(You could also specify the User directly in systemd, but asterisk
uses root to set real-time priority, so that would require setting the
priority in systemd as well.)

Best,
Dara
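The report hinges on one detail of Linux credential handling: the supplementary group list is separate from the effective gid, and setgroups(0, NULL) wipes it. The following probe is an added example, not code from Asterisk or from this bug report. It mirrors both strategies discussed above (setgid() followed by setgroups(0, NULL), versus setgid() alone so that the list a parent such as systemd set up with initgroups() survives) and reports which groups the calling process actually holds, so an administrator can run it as the service user to confirm whether the ssl-cert group is still present after the unit change. The group name "ssl-cert" is the one from the report; the function names, the Linux/glibc assumptions, and the layout are mine.

```c
/* Added example (not from the bug report or from Asterisk): shows why
 * setgid() + setgroups(0, NULL) loses supplementary groups, and gives a
 * probe to confirm which groups a process really holds. Assumes Linux/glibc. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy the caller's supplementary group list into a malloc'd buffer.
 * Returns the count (>= 0) or -errno; *out is NULL when the count is 0.
 * The caller frees *out. */
static int fetch_supplementary_groups(gid_t **out)
{
    *out = NULL;
    int n = getgroups(0, NULL);              /* size query only */
    if (n < 0) return -errno;
    if (n == 0) return 0;
    gid_t *buf = calloc((size_t)n, sizeof *buf);
    if (!buf) return -ENOMEM;
    n = getgroups(n, buf);
    if (n < 0) { int e = errno; free(buf); return -e; }
    *out = buf;
    return n;
}

/* How many supplementary groups the process has right now (or -errno). */
int supplementary_group_count(void)
{
    gid_t *g;
    int n = fetch_supplementary_groups(&g);
    free(g);
    return n;
}

/* 1 if files owned by group `gid` are group-accessible to this process:
 * either it is the effective gid or it is in the supplementary list. */
int process_has_group(gid_t gid)
{
    if (getegid() == gid) return 1;
    gid_t *g;
    int n = fetch_supplementary_groups(&g);
    int found = 0;
    for (int i = 0; i < n; i++)
        if (g[i] == gid) { found = 1; break; }
    free(g);
    return found;
}

/* The two strategies from the report.
 *   keep_supplementary == 0 : setgid() then setgroups(0, NULL), i.e. what the
 *                             "-G" code path in main/asterisk.c does.
 *   keep_supplementary != 0 : setgid() only; the list inherited from the
 *                             parent (systemd's Group=/User= handling) stays.
 * Returns 0 on success or -errno (setgroups() needs CAP_SETGID). */
int switch_group(gid_t target, int keep_supplementary)
{
    if (setgid(target) != 0) return -errno;
    if (!keep_supplementary && setgroups(0, NULL) != 0) return -errno;
    return 0;
}

/* Resolve a group name to its gid, or -1 if the system has no such group. */
long lookup_gid(const char *name)
{
    struct group *gr = getgrnam(name);
    return gr ? (long)gr->gr_gid : -1;
}

/* Run as the service user (e.g. via sudo -u or from inside the unit) to see
 * exactly what the daemon would see after the privilege drop. */
int main(void)
{
    gid_t *g;
    int n = fetch_supplementary_groups(&g);
    printf("egid=%u supplementary(%d):", (unsigned)getegid(), n);
    for (int i = 0; i < n; i++) printf(" %u", (unsigned)g[i]);
    printf("\n");
    free(g);

    long ssl = lookup_gid("ssl-cert");       /* group named in the report */
    if (ssl < 0)
        puts("ssl-cert: no such group on this system");
    else
        printf("ssl-cert (gid %ld): %s\n", ssl,
               process_has_group((gid_t)ssl)
                   ? "held"
                   : "NOT held: group-readable key files will fail to open");
    return 0;
}
```

When the probe is launched from a unit with User=asterisk (or Group=asterisk plus "-U asterisk" in ExecStart), systemd populates the supplementary list from /etc/group before exec, and the setgid()-only path leaves it alone; launching with "-G asterisk" takes the setgroups(0, NULL) path and the ssl-cert line flips to "NOT held" even though the user is still a member of the group.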
