On Mon, Nov 13, 2006 at 05:08:56PM -0500, Alejandro Rios P. wrote:
> Package: destar
> Version: 0.2.0-3
> Severity: important
>
> After choosing the "save all changes" option, the first time destar is
> used, I got this error on the browser:
[ snip ]
> IOError: [Errno 13] Permission denied:
> '/etc/zaptel.conf'
One small note:
zaptel.conf is the configuration file used by ztcfg to apply
configuration to Zaptel devices. It is normally run by root as part of
the zaptel init.d script . On some systems it is set as a "install"
action of most zaptel modules. We saw in a recent bug report (forgot the
number) a little buffer overflow caused by some syntax error. I bet that
this isn't the only one.
Running it does not require any more permissions that Asterisk already
has: write access to /dev/zap/ctl and probably to some other devices
under /dev/zap .
So a simple soltion to this bug may provide a theoretic way for the
Asterisk user (which destar is running under) to gain root. There is a
way around it, but it complicates things.
--
Tzafrir Cohen
icq#16849755 jabber:[EMAIL PROTECTED]
+972-50-7952406 mailto:[EMAIL PROTECTED]
http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
