[sr-dev] [kamailio] multiple /tmp file vulnerabilities (#48)
Daniel-Constantin Mierla
miconda at gmail.com
Fri Jan 30 14:56:33 CET 2015
Many thanks Victor for pursuing this and getting it pushed to Debian.
Perhaps we can made the default to /var/run/ instead of /tmp/, with Debian
using /var/run/kamailio/.
At the end, I am happy to make it directly defaulting to
/var/run/kamailio/. If other OSes have /var/run/ then I guess they are
happy creating a new folder in there as well, not just placing new
pid/socket/fifo files.
On Fri, Jan 30, 2015 at 12:34 AM, Anthony Messina <notifications at github.com>
wrote:
> I'm glad to see work in this direction. I've been using this patch
> <https://messinet.com/rpms/browser/kamailio/kamailio-ctl-fifo-pid.patch>
> for Fedora 20, 21 & EL7 RPMs to move things from */tmp* to */run/kamailio*.
> I'm sure it's not complete, but it's worked well so far.
>
> —
> Reply to this email directly or view it on GitHub
> <https://github.com/kamailio/kamailio/issues/48#issuecomment-72126585>.
>
> _______________________________________________
> sr-dev mailing list
> sr-dev at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
<http://www.linkedin.com/in/miconda>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20150130/07ab8104/attachment.html>
More information about the sr-dev
mailing list