Date: Mon, 07 Sep 2020 18:34:05 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 249177] net/asterisk16: Add support for configurable umask to rc.d script Message-ID: <bug-249177-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D249177 Bug ID: 249177 Summary: net/asterisk16: Add support for configurable umask to rc.d script Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: madpilot@FreeBSD.org Reporter: mickey242@gmx.net Flags: maintainer-feedback?(madpilot@FreeBSD.org) Assignee: madpilot@FreeBSD.org Created attachment 217805 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D217805&action= =3Dedit Patch to add support for configurable umask Asterisk does not seem to provide any support for setting the file permissi= ons of files that it creates on it's own but rather relies solely on the proces= s' umask which defaults to a value of 022. This causes files that could potentially contain sensitive infomation (like voice mailboxes or received = FAX documents for example) to be readable by every user that has access to the = host machine. Unfortunately FreeBSD's rc(8) system does not seem to provide a standardized way to configure the umask a service is started with either, so it's up to = the individual service's rc script to facilitate this. Attached patch adds support for setting the umask asterisk is run with by setting "asterisk_umask" in rc.conf. Additionally "load_rc_config" is called after assigning "start_precmd" or any of the "<arg>_cmd" variables, so that= a script in /etc/rc.conf.d/asterisk may override those variables, which is intended behaviour as per the rc.subr(8) documentation: load_rc_config name Source in the configuration files for name. First, /etc/rc.conf= is sourced if it has not yet been read in. Then, /etc/rc.conf.d/na= me is sourced if it is an existing file. The latter may also conta= in other variable assignments to override run_rc_command arguments defined by the calling script, to provide an easy mechanism for = an administrator to override the behaviour of a given rc.d(8) script without requiring the editing of that script. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-249177-7788>