Bug 249177 - net/asterisk16: Add support for configurable umask to rc.d script
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Guido Falsi
 
Reported: 2020-09-07 18:34 UTC by mickey242
Modified: 2020-09-14 16:30 UTC

madpilot: maintainer-feedback+


Attachments
Patch to add support for configurable umask (1.49 KB, patch)
2020-09-07 18:34 UTC, mickey242

Description mickey242 2020-09-07 18:34:05 UTC
Created attachment 217805
Patch to add support for configurable umask

Asterisk does not seem to provide any support for setting the file permissions of files that it creates on its own but rather relies solely on the process' umask, which defaults to a value of 022. This causes files that could potentially contain sensitive information (like voice mailboxes or received FAX documents, for example) to be readable by every user that has access to the host machine.

Unfortunately FreeBSD's rc(8) system does not seem to provide a standardized way to configure the umask a service is started with either, so it's up to the individual service's rc script to facilitate this.

Attached patch adds support for setting the umask asterisk is run with by setting "asterisk_umask" in rc.conf. Additionally "load_rc_config" is called after assigning "start_precmd" or any of the "<arg>_cmd" variables, so that a script in /etc/rc.conf.d/asterisk may override those variables, which is intended behaviour as per the rc.subr(8) documentation:

     load_rc_config name
           Source in the configuration files for name.  First, /etc/rc.conf is
           sourced if it has not yet been read in.  Then, /etc/rc.conf.d/name
           is sourced if it is an existing file.  The latter may also contain
           other variable assignments to override run_rc_command arguments
           defined by the calling script, to provide an easy mechanism for an
           administrator to override the behaviour of a given rc.d(8) script
           without requiring the editing of that script.
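
The effect described in this report, as an added example that is not part of the original report or the attached patch: it creates a file without an explicit mode under umask 022 and under 027, and lists files readable by "other". The function names and temporary file names are hypothetical; the validation step is an assumption about how a value such as `asterisk_umask` could be checked before use.

```shell
#!/bin/sh
# Added illustration; not the patch attached to this bug.

# Accept only 1 to 4 octal digits, as an rc.d script might do for a
# value like asterisk_umask from rc.conf (assumed check, not the port's).
valid_umask() {
    case "$1" in
        ''|*[!0-7]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ]
}

# Create a file the way a daemon does (no explicit chmod) under the
# given umask and print the mode string reported by ls.
mode_under_umask() {
    _mask=$1
    _dir=$2
    valid_umask "$_mask" || { echo "invalid umask: $_mask" >&2; return 1; }
    (
        # Subshell: the umask change does not leak into the caller.
        umask "$_mask"
        : > "$_dir/msg-$_mask.wav"
        ls -l "$_dir/msg-$_mask.wav" | cut -c1-10
    )
}

# Audit helper: regular files under a directory that "other" can read.
world_readable() {
    find "$1" -type f -perm -004 -print
}

demo() {
    _d=$(mktemp -d) || return 1
    echo "umask 022 -> $(mode_under_umask 022 "$_d")"
    echo "umask 027 -> $(mode_under_umask 027 "$_d")"
    echo "world-readable files:"
    world_readable "$_d"
    rm -rf "$_d"
}

demo
```
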
Comment 1 Guido Falsi freebsd_committer freebsd_triage 2020-09-09 20:49:36 UTC
Hi,

Thanks for the patch. Working on it.
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-09-14 16:28:47 UTC
A commit references this bug:

Author: madpilot
Date: Mon Sep 14 16:28:42 UTC 2020
New revision: 548625
URL: https://svnweb.freebsd.org/changeset/ports/548625

Log:
  Add to support for configurable umask to asterisk startup script.

  PR:		249177
  Submitted by:	mickey242@gmx.net

Changes:
  head/net/asterisk13/Makefile
  head/net/asterisk13/files/asterisk.in
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-09-14 16:29:48 UTC
A commit references this bug:

Author: madpilot
Date: Mon Sep 14 16:29:02 UTC 2020
New revision: 548626
URL: https://svnweb.freebsd.org/changeset/ports/548626

Log:
  Add to support for configurable umask to asterisk startup script.

  PR:             249177
  Submitted by:   mickey242@gmx.net

Changes:
  head/net/asterisk16/Makefile
  head/net/asterisk16/files/asterisk.in
Comment 4 Guido Falsi freebsd_committer freebsd_triage 2020-09-14 16:30:15 UTC
Committed. Thanks!