author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-01-11 18:25:30 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-01-11 18:25:30 +0000 |
commit | 8b01bd8a31691c5f0a2f551e1c8007bd6d795669 (patch) | |
tree | 440bdc36b356106b0372ed724ee4167773adc129 /doc/security.txt | |
parent | 6c4e7a6dd6ac88cd55a35f274b7ad634397e86c8 (diff) |
Backport the ability to set the ToS bits on Linux when not running as root.
Normally, we would not backport features into 1.4, but I was convinced by the
justification supplied by the supplier of this patch. He pointed out that this
patch removes a requirement for running as root, thus reducing the potential
impacts of security issues.
(closes issue #11742)
Reported by: paravoid
Patches:
libcap.diff uploaded by paravoid (license 200)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@98265 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'doc/security.txt')
-rw-r--r-- | doc/security.txt | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/security.txt b/doc/security.txt index 0801679cc..3adf53624 100644 --- a/doc/security.txt +++ b/doc/security.txt @@ -28,6 +28,13 @@ The IAX2 protocol supports strong RSA key authentication as well as AES encryption of voice and signalling. The SIP channel does not support encryption in this version of Asterisk. +By default, if you have libcap available, Asterisk will try to retain the +CAP_NET_ADMIN capability when running as a non-root user. If you do not need +that capability you may want to configure Asterisk with --without-cap; however, +this will prevent Asterisk from being able to mark high ToS bits under Linux. +More information on CAP_NET_ADMIN is available at: +http://www.lids.org/lids-howto/node48.html + * DIALPLAN SECURITY First and foremost remember this: |
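Review bot: The added paragraph in doc/security.txt (inserted after the IAX2/SIP encryption text) says CAP_NET_ADMIN is retained but never says what that capability permits beyond ToS marking, and it defers the explanation to a third-party URL that may not stay reachable. Since this file is the project's security guidance, I would state in the paragraph itself that CAP_NET_ADMIN also covers wider network administration (interface, routing and firewall configuration), so a compromised non-root Asterisk process keeps those rights unless the build used --without-cap, and I would cite capabilities(7) alongside or instead of the lids.org link. As a style point, the paragraph sits directly under the encryption text with no heading of its own; a short header in the file's existing "* DIALPLAN SECURITY" style would make it easier to find.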