Paul Davidson wrote:
> All-
>
> I am finishing up a PHP class, that works on astlinux, that can be used
> to build a web based Voicemail interface for the asterisk file-based
> voicemail storage system. I've specifically tuned it for astlinux, as I
> think it makes a nice, lightweight replacement for the Perl based script
> originally written by Mark, which of course will not run on astlinux.
> This class is not based at all on the Perl project, other than the base
> idea. Combined with a basic set of pages to give a user interface to
> the class, it supports on-page playback, email forwarding, and call
> return based on callerid, among the basic features.
>
> I do have a couple of questions I'd like to put out to the general
> astlinux community- call it a request for comment- while I am doing my
> cleanups, optimizations, and improving the code quality/readability.
> I'm open for suggestion here:
>
> 1. The primary problem is in the way asterisk stores voicemail- owned by
> the process owner of Asterisk, readable by no one else. Asterisk of
> course runs as root (default config). In order for the web based
> interface to read the voicemail, I have to run the web server under root
> authority- which is a big security concern. While we can lock down the
> web server and php pretty tightly- there are some known exploits, and no
> doubt more will occur in the future. The original Perl script, has the
> same issue, and uses perl modules to adopt necessary authority. I could
> ignore the problem entirely, as most astlinux systems are not (I hope)
> configured to allow web page access from the public Internet, and given
> the design principles, are not configured for large LANs, thus reducing
> the risk- but that doesn't make me happy. If anyone has any other
> suggestions, I'm open to them- while complete, I can rewrite the file
> handling parts if needed. Another solution might be to reconfigure
> Asterisk to run under a different user ID than root, with less
> authority- which wouldn't be a bad strategy for astlinux in general, but
> would represent a significant change to its current default configuration.
>
> 2. How do I go about getting this into the astlinux stream? For stated
> reasons, I'd like to release it here first. I'm unclear, however, how
> to get it into the distribution, and it does require some per-user
> configuration to work, so it's not a good candidate for rc.conf. I will
> publish it via this list once I'm a little more confident in its
> ability to work properly, and open it up to all here for code review.
>
> Thanks for any and all comment- and a big thanks to the maintainers of
> astlinux, who make this possible.
>
> -pbd
>
Paul,
First of all, thank you very much for taking the time to develop this.
The perl script (vmail) was not usable on AstLinux and had some issues
in general. I'm glad someone came along to work on this in PHP (which
works in AstLinux, too).
1) This is the primary problem. In AstLinux, we have a couple of
options. First of all, there are two web servers that run - one uses
https and runs as root by default (this is because it hosts the admin
interface and needs to write files). The other is HTTP only and runs as
"nobody" by default. Depending on whether you think this needs to use
HTTP or HTTPS, there might not be that many issues...
Regarding running Asterisk as root in AstLinux... I have thought a lot
about this. Asterisk runs as root in AstLinux because on most of these
systems (Soekris, etc) we need kernel preemption. Without it, the
main goal of AstLinux - to create a PBX - would suffer. The security
concerns with this don't really bother me all that much. Given that
AstLinux systems are designed to run Asterisk as the primary function,
if someone hacks Asterisk (whether root or not) they can cause a
significant amount of damage, and destroy the ability for the system to
process calls - its primary function.
However, I can see why in some cases it would be better to run it as a
non-privileged user (asterisk, for instance). I should add an rc.conf
option for this.
1a) Scenario 1 - run your script in the HTTPS root (as root). It will
just work :)
1b) Scenario 2 - run your script in the HTTP root as nobody. You could
then write a shell script that could be run by Asterisk (voicemail.conf
externnotify) to make the files "770 root:nobody" so that they could be
modified by Asterisk and your PHP script, run by the web server as
nobody. This would be the simplest, most relatively secure way to
implement this.
1c) Scenario 3 - Start yet another httpd process on an alternate port
for user voicemail access (run as a totally separate user - vmail or
something). Same issues as above (run externnotify). This would
require the most changes to AstLinux and would require most of the mods
from "b" above (externnotify, etc). This combined with a new rc.conf
option for running Asterisk as a separate user could be pretty neat.
2) Easy! Send it to me (or the list) and we'll check it out. If
everything is good, I will include it in AstLinux SVN, probably as a
build option to Asterisk.
Thanks again! This is very cool!
--
Kristian Kielhofner
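
A sketch of the externnotify helper that Scenario 1b describes, added here as an example; it is not code from this thread or from AstLinux. Asterisk runs the externnotify program with the context, the mailbox and the new-message count as arguments. The spool path and the VM_SPOOL / VM_OWNER variable names are assumptions; directories get 770 as in the message, and giving regular files 660 instead is a choice of this example.

```shell
#!/bin/sh
# Added example: externnotify helper for Scenario 1b (not AstLinux code).
# Asterisk invokes externnotify as: <script> <context> <mailbox> <new-count>
# Assumed names: spool location, VM_SPOOL and VM_OWNER are hypothetical.
VM_SPOOL="${VM_SPOOL-/var/spool/asterisk/voicemail}"
VM_OWNER="${VM_OWNER-root:nobody}"   # an empty value skips the chown step

# Accept only plain names so an argument can never climb out of the spool
# (rejects empty strings, leading dots such as "..", and "/" or shell chars).
safe_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Returns 0 on success, 2 for a rejected name, 3 for a missing or
# symlinked mailbox directory, 4 if find itself reports an error.
fix_mailbox_perms() {
    safe_name "$1" || return 2
    safe_name "$2" || return 2
    dir="$VM_SPOOL/$1/$2"
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 3
    # find does not follow symlinks, so only real files and directories
    # inside this one mailbox are touched.
    if [ -n "$VM_OWNER" ]; then
        find "$dir" \( -type d -o -type f \) -exec chown "$VM_OWNER" {} \; || return 4
    fi
    find "$dir" -type d -exec chmod 770 {} \; || return 4
    find "$dir" -type f -exec chmod 660 {} \; || return 4
    return 0
}

# Run only when called with externnotify-style arguments.
if [ "$#" -ge 2 ]; then
    fix_mailbox_perms "$1" "$2"
fi
```

The script would be referenced from the externnotify setting in voicemail.conf; because it changes only the mailbox named in its arguments, the web server's group access stays limited to voicemail files.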