[sr-dev] [kamailio] multiple /tmp file vulnerabilities (#48)
Olle E. Johansson
notifications at github.com
Sat Jan 24 17:14:09 CET 2015
On 24 Jan 2015, at 13:20, Victor Seva <notifications at github.com> wrote:
> Changes I'm planning to do in the Debian packaging:
>
> kamcmd defaults to connecting to unixs:/tmp/kamailio_ctl.
>
> I'm going to change the default of ctl module to /var/run/kamailio/kamailio_ctl so kamcmd will use it by default and I'm going to set explicitly the binrpc parameter on the etc/kamailio/*.cfg files
>
> The kamailio build definitely is vulnerable as can be seen in utils/kamctl/Makefile.
>
> I'm going to use basedir Makefile config instead of /tmp
>
Is there a reason for not changing the Kamailio defaults?
/O
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/48#issuecomment-71324664
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20150124/b36f06b2/attachment.html>
More information about the sr-dev
mailing list