- Type: Bug
- Status: Dev Review
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: 16
- Fix Version/s: None
- Component/s: FreePBX Framework
- Labels: None
- Bug Tracker: Customer Issue
In modern Linux distros, the fs.protected_regular kernel option is enabled by default. The behaviour of this option is this:
Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder.
This becomes a problem in FreePBX when /tmp/cron.error is written. Because the /tmp directory is world writable and sticky, nobody but the original creator of the file (not even root) can touch the file again, regardless of the 777 permissions. This causes fwconsole reload and cron jobs to fail, if they're run by someone other than the creator of the file.
The solution is to write to another directory that is not world writable with sticky perms; I think ASTSPOOLDIR/tmp is probably the most reasonable suggestion.
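
An added example, not part of the original report and not FreePBX code: a shell check for whether an O_CREAT open of an existing file such as /tmp/cron.error would be refused. The function names would_block and check_path are hypothetical; the conditions follow the rule quoted above, and the group-writable case at fs.protected_regular=2 goes beyond what the report covers.

```shell
#!/bin/sh
# Added diagnostic, not FreePBX code. Function names are hypothetical.

# would_block LEVEL DIR_MODE DIR_UID FILE_UID OPENER_UID
# Exit 0 if an O_CREAT open of an existing regular file would be refused.
# DIR_MODE is the octal mode as printed by `stat -c %a` (e.g. 1777).
would_block() {
    wb_level=$1 wb_mode=$2 wb_dir_uid=$3 wb_file_uid=$4 wb_opener=$5
    [ "$wb_level" -ge 1 ] || return 1                 # protection disabled
    [ $(( 0$wb_mode & 01000 )) -ne 0 ] || return 1    # directory is not sticky
    [ "$wb_file_uid" != "$wb_dir_uid" ] || return 1   # file owned by directory owner
    [ "$wb_opener" != "$wb_file_uid" ] || return 1    # opener owns the file
    [ $(( 0$wb_mode & 0002 )) -ne 0 ] && return 0     # world-writable sticky directory
    # Level 2 extends the rule to group-writable sticky directories.
    [ "$wb_level" -ge 2 ] && [ $(( 0$wb_mode & 0020 )) -ne 0 ] && return 0
    return 1
}

# check_path FILE [UID]: evaluate a real file using GNU stat (Linux only).
# The file's own permission bits are deliberately not consulted: they do
# not influence this check, which is why mode 777 on the file does not help.
check_path() {
    cp_file=$1 cp_opener=${2:-$(id -u)}
    [ -f "$cp_file" ] || { echo "$cp_file: no existing regular file"; return 2; }
    cp_dir=$(dirname "$cp_file")
    cp_level=$(cat /proc/sys/fs/protected_regular 2>/dev/null || echo 0)
    cp_mode=$(stat -c '%a' "$cp_dir")
    cp_dir_uid=$(stat -c '%u' "$cp_dir")
    cp_file_uid=$(stat -c '%u' "$cp_file")
    if would_block "$cp_level" "$cp_mode" "$cp_dir_uid" "$cp_file_uid" "$cp_opener"; then
        echo "$cp_file: O_CREAT open by uid $cp_opener refused (fs.protected_regular=$cp_level)"
    else
        echo "$cp_file: O_CREAT open by uid $cp_opener not affected"
        return 1
    fi
}

# Usage: sh check.sh /tmp/cron.error [uid]
if [ $# -gt 0 ]; then check_path "$@"; fi
```

The uid values used when calling would_block directly are whatever the caller supplies; passing 0 as the opener shows that root is subject to the same rule.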