>>> If you meant the user running Asterisk is root, this is a less than optimal
>>> situation that can lead to really big problems.
>>
>> Why? Steve please explain.
>>
>
> Well, if an attacker manages to inject some code and Asterisk is running
> as root, poof goes your system or you get an astronomical bill from your
> trunk provider.
>
> Likewise with file permissions. Suppose you're trying to get something
> working and you suspect it's a permissions issue so you chmod a bunch of
> stuff to 777.
>
> Then suppose a local user with a grudge does something like this:
>
>         echo '#exec rm --farce --recursive /*'\
>                 >>/etc/asterisk/extensions-**local.conf
>
> (or whatever your package names one of its 'include' files.)
>
> The next time Asterisk reloads the dialplan, poof.
>
>
Any link for me so I can learn more about security practices with Asterisk?
I'm using a public IP.
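A defender-side check for the three conditions raised in the quoted reply (Asterisk running as root, world-writable configuration, and `#exec` lines in include files), as an added example that is not part of the original thread. It assumes the default /etc/asterisk directory and that `#exec` lines only run commands when `execincludes` is enabled in asterisk.conf; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added audit sketch, not from the thread. /etc/asterisk is an assumed default.

# List files and directories under $1 that any local user can write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# List "#exec" directives in config files under $1 (file:line:text).
exec_directives() {
    grep -rnE '^[[:space:]]*#exec([[:space:]]|$)' "$1" 2>/dev/null
}

# Succeed if asterisk.conf ($1) turns on execincludes, the option that lets
# "#exec" lines run commands when the configuration is loaded.
execincludes_enabled() {
    grep -qiE '^[[:space:]]*execincludes[[:space:]]*=[[:space:]]*(yes|true|y|t|1|on)' "$1" 2>/dev/null
}

# Read "user command" lines (as printed by: ps -eo user=,comm=) on stdin and
# succeed if an asterisk process is owned by root.
asterisk_as_root() {
    awk '$2 == "asterisk" && $1 == "root" { found = 1 } END { exit !found }'
}

# Print a short report; return 1 if anything was found, 0 otherwise.
audit() {
    dir=${1:-/etc/asterisk}
    findings=0
    ww=$(world_writable "$dir" || true)
    if [ -n "$ww" ]; then
        echo "World-writable paths (remove with chmod o-w):"; echo "$ww"
        findings=1
    fi
    ex=$(exec_directives "$dir" || true)
    if [ -n "$ex" ]; then
        echo "#exec directives present:"; echo "$ex"
        findings=1
    fi
    if execincludes_enabled "$dir/asterisk.conf"; then
        echo "execincludes is enabled in $dir/asterisk.conf"
        findings=1
    fi
    if ps -eo user=,comm= 2>/dev/null | asterisk_as_root; then
        echo "asterisk is running as root"
        findings=1
    fi
    return "$findings"
}
```

Source the file and run `audit` (or `audit /path/to/config`) on the PBX host; a non-zero return means at least one of the conditions was found.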