[Bug 249177] net/asterisk16: Add support for configurable umask to rc.d script

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Sep 7 18:34:06 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249177

            Bug ID: 249177
           Summary: net/asterisk16: Add support for configurable umask to
                    rc.d script
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: madpilot at FreeBSD.org
          Reporter: mickey242 at gmx.net
             Flags: maintainer-feedback?(madpilot at FreeBSD.org)

Created attachment 217805
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=217805&action=edit
Patch to add support for configurable umask

Asterisk does not seem to provide any support for setting the file permissions
of files that it creates on its own but rather relies solely on the process'
umask which defaults to a value of 022. This causes files that could
potentially contain sensitive information (like voice mailboxes or received FAX
documents for example) to be readable by every user that has access to the host
machine.

Unfortunately FreeBSD's rc(8) system does not seem to provide a standardized
way to configure the umask a service is started with either, so it's up to the
individual service's rc script to facilitate this.

Attached patch adds support for setting the umask asterisk is run with by
setting "asterisk_umask" in rc.conf. Additionally "load_rc_config" is called
after assigning "start_precmd" or any of the "<arg>_cmd" variables, so that a
script in /etc/rc.conf.d/asterisk may override those variables, which is
intended behaviour as per the rc.subr(8) documentation:

     load_rc_config name
           Source in the configuration files for name.  First, /etc/rc.conf is
           sourced if it has not yet been read in.  Then, /etc/rc.conf.d/name
           is sourced if it is an existing file.  The latter may also contain
           other variable assignments to override run_rc_command arguments
           defined by the calling script, to provide an easy mechanism for an
           administrator to override the behaviour of a given rc.d(8) script
           without requiring the editing of that script.

-- 
You are receiving this mail because:
You are the assignee for the bug.
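
The effect the report describes can be reproduced with a short shell sketch. This is an added example, not part of the bug report or the attached patch: the umask values 027 and 077, the file names and the temporary directory are constructed for illustration, and nothing here touches a real Asterisk spool.

```shell
#!/bin/sh
# Added example: shows how the process umask alone decides the mode of files
# created by a daemon that never calls chmod(), and how to audit a directory
# for files readable by "other". All paths are constructed temp files.

# Print the octal mode of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file under the given umask and print the resulting mode.
# The subshell keeps the umask change from leaking into the caller.
mode_under_umask() {
    (
        umask "$1"
        f="$2/msg-$1.wav"   # hypothetical file name
        : > "$f"            # open(2) with 0666, masked by the umask
        file_mode "$f"
    )
}

# List regular files under a directory that any local user can read.
world_readable_files() {
    find "$1" -type f -perm -004
}

demo() {
    spool=$(mktemp -d) || return 1
    echo "umask 022 -> $(mode_under_umask 022 "$spool")"
    echo "umask 027 -> $(mode_under_umask 027 "$spool")"
    echo "umask 077 -> $(mode_under_umask 077 "$spool")"
    echo "world-readable files:"
    world_readable_files "$spool"
    rm -rf "$spool"
}

demo
```

Running `world_readable_files` against an existing spool directory lists files that were created under the old umask; a new umask only applies to files created after the service restarts.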

