| 1 |
Hi, |
| 2 |
|
| 3 |
In some ways not unlike the discussion around users being installed and |
| 4 |
later updated ... so I'm guessing I'm going to have varied opinions and |
| 5 |
feedback on this potentially. Ironically, asterisk was one of those |
| 6 |
users that had it's home folder (correctly) adjusted from |
| 7 |
/var/lib/asterisk to /dev/null. |
| 8 |
|
| 9 |
In this case: |
| 10 |
|
| 11 |
1. I would like to update where asterisk stores astdb (partially for |
| 12 |
security reasons); |
| 13 |
2. And on existing installs, /var/{lib,spool}/asterisk may well have |
| 14 |
what I consider to be insecure ownership and permissions. |
| 15 |
|
| 16 |
I have some ideas about the former (below), the latter I have no ideas |
| 17 |
about. |
| 18 |
|
| 19 |
There used to be a "fix permissions" script in the asterisk init script |
| 20 |
(that was considered to be a security vulnerability, and was removed, |
| 21 |
not to mention that it didn't exactly set same to be as secure as it can |
| 22 |
be, and there are legitimate reasons to not use the strictest possible |
| 23 |
permissions on *some* of the folders beneath both these locations, but |
| 24 |
most of them should be root:root, and root:asterisk in specific cases, |
| 25 |
and only in a very few cases asterisk:root possibly). Suggestions on |
| 26 |
fixing these permissions if (and only if) they were unmodified by the |
| 27 |
user. And making sure the user is aware of these. |
| 28 |
|
| 29 |
Re the former: https://bugs.gentoo.org/761442 relates. |
| 30 |
|
| 31 |
History: |
| 32 |
|
| 33 |
asterisk project simply used to install everything as |
| 34 |
asterisk:asterisk. Config files, resource files, everything, |
| 35 |
irrespective of whether or not runtime required write access or not (I |
| 36 |
think the exception was the binary and module libraries). This was from |
| 37 |
upstream project. Myself and a few others started upsetting the apple |
| 38 |
cart with things like "why are audio files installed writeable by |
| 39 |
asterisk?". Upstream caught onto this and started fixing some things up |
| 40 |
(I don't have references, but things have definitely changed). |
| 41 |
|
| 42 |
Bottom line: |
| 43 |
|
| 44 |
/var/lib/asterisk used to be installed as asterisk:root, 750. |
| 45 |
|
| 46 |
It's now being installed as root:root 755 (I'd prefer root:asterisk 750 |
| 47 |
personally) |
| 48 |
|
| 49 |
There are only two pieces of information inside /var/lib/asterisk that |
| 50 |
needs to (potentially) be writeable by asterisk. |
| 51 |
|
| 52 |
1. astdb.sqlite3 (and it's -journal file which doesn't always exist) |
| 53 |
2. coredump/ folder (only required if configured to core dump). |
| 54 |
|
| 55 |
The latter is a non-issue since this folder is specifically installed |
| 56 |
asterisk:root. |
| 57 |
|
| 58 |
astdb is a problem, since in order to create the -journal file I need to |
| 59 |
give write access to asterisk to the folder (which I'd prefer to not do). |
| 60 |
|
| 61 |
Disclaimer: Depending on what you're doing there might be motivation to |
| 62 |
have a few extra specific locations writeable by asterisk beneath |
| 63 |
/var/lib/asterisk (we do have that, but this should be an explicit |
| 64 |
action by the administrator in my opinion, if I could I'd install |
| 65 |
everything there as root:root - which is just about the case currently). |
| 66 |
|
| 67 |
What I'd rather prefer to do is to create an additional asterisk:root |
| 68 |
astdb folder beneath /var/lib/asterisk and have asterisk use that for |
| 69 |
astdb. This is easy enough to configure, and even to update the default |
| 70 |
config files. |
| 71 |
|
| 72 |
But what to do with existing installations? A person would need to "opt |
| 73 |
in" to this change by way of etc-update I guess (I'll keep a ::gentoo |
| 74 |
patch to basically enable the [directories] section, and to set astdbdir |
| 75 |
= /var/lib/asterisk/astdb by default). But unless the person modified |
| 76 |
asterisk.conf (entirely possible, generally you don't need to customize |
| 77 |
this config file) that will auto update this file. And on next asterisk |
| 78 |
restart the person will lose his existing astdb.sqlite3 file. |
| 79 |
|
| 80 |
So ... I could check for /var/lib/asterisk/astdb.sqlite3 in init script |
| 81 |
... but if the user opted out of te config update ... moving the file |
| 82 |
here (which is a bad idea in my opinion anyway) is a terrible idea. Not |
| 83 |
moving the file will simply result in asterisk creating a new |
| 84 |
astdb.sqlite3 file in the new folder - which carries risk if (and only |
| 85 |
if) the user cares about persistence in astdb (which my systems |
| 86 |
specifically don't, but some others do). By *default* nothing that |
| 87 |
asterisk itself stores into astdb requires persistence (but it is |
| 88 |
preferred, for example, if I REGISTER to asterisk, it is nice that it |
| 89 |
doesn't "forget" my registration over restarts or even reboots). |
| 90 |
|
| 91 |
At this point I'm inclined to put a big ewarn in the updated ebuilds in |
| 92 |
pkg_pretend, warning of this default config change (if you're updating |
| 93 |
from an older asterisk where the default was /var/lib/asterisk), |
| 94 |
installing the new folder and moving on with my life. Since all my |
| 95 |
installs already has /var/lib/asterisk/astdb on a ramdisk, I'm not |
| 96 |
affected, but I really would prefer to not catch users off guard. |
| 97 |
|
| 98 |
Currently new installs of asterisk is semi broken by default, easy to |
| 99 |
fix either by chown asterisk:root /var/lib/asterisk, or by install -d |
| 100 |
-oasterisk -groot -m0750 /var/lib/asterisk/astdb and simple (2 lines) |
| 101 |
config change to /etc/asterisk/asterisk.conf. |
| 102 |
|
| 103 |
Just looking for other possible approaches here. |
| 104 |
|
| 105 |
Migration is also easy enough: update config for new location, stop |
| 106 |
asterisk, mv the sqlite3 file, start asterisk. |
| 107 |
|
| 108 |
Kind Regards, |
| 109 |
Jaco |
Archives