The init script already fixes ownership for the log and run dirs; we should do the same for spool.

Trivial: In function setup_svc_variables, just add the following lines in the appropriate locations:

    ast_spooldir=/var/spool/${SVCNAME}
    [ -n "${ASTERISK_SPOOLDIR}" ] && ast_spooldir="${ASTERISK_SPOOLDIR}"

And then at lines 236 (238 after edits above), replace:

    checkpath -d -m 0755 -o ${USER}${GROUP} "${ast_logdir}" "${ast_rundir}"
    find "${ast_logdir}" "${ast_rundir}" ! -user "${USER}" | while read element; do

With:

    checkpath -d -m 0755 -o ${USER}${GROUP} "${ast_logdir}" "${ast_rundir}" "${ast_spooldir}"
    find "${ast_logdir}" "${ast_rundir}" "${ast_spooldir}" ! -user "${USER}" | while read element; do

Reproducible: Always
Created attachment 357230: asterisk-init-spooldir.patch
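A read-only way to confirm the result of the change proposed above, added here as an example and not taken from the report or from the Gentoo init script: it applies the same `find ... ! -user` predicate to a list of directories and reports anything the service user does not own. The helper name `audit_owner` is hypothetical, and the log and run paths in the usage comment are assumed; only the `/var/spool/${SVCNAME}` default comes from the report.

```shell
#!/bin/sh
# Added example: ownership audit for the directories an init script manages.
# It only reports; it never changes ownership or permissions.
#
# Usage (log and run paths are assumed, spool follows /var/spool/${SVCNAME}):
#   audit_owner asterisk /var/log/asterisk /var/run/asterisk /var/spool/asterisk
#
# audit_owner OWNER DIR...
#   OWNER is a user name or numeric uid.
#   Prints every entry under each DIR that OWNER does not own.
#   Returns 0 if everything is owned by OWNER,
#           1 if at least one entry has a different owner,
#           2 if a listed directory does not exist.
audit_owner() {
    owner=$1
    shift
    rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            # A missing spool dir is its own finding: the service user
            # would have nowhere to write.
            echo "missing: $dir" >&2
            rc=2
            continue
        fi
        # Same predicate as the init script: entries not owned by the user.
        bad=$(find "$dir" ! -user "$owner" -print)
        if [ -n "$bad" ]; then
            printf '%s\n' "$bad"
            if [ "$rc" -eq 0 ]; then
                rc=1
            fi
        fi
    done
    return "$rc"
}
```

Run it after restarting the service: a non-empty listing for the spool directory means the ownership pass did not cover it.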
+*asterisk-11.5.1 (28 Aug 2013) +*asterisk-1.8.23.1 (28 Aug 2013) + + 28 Aug 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.22.0.ebuild, + -asterisk-1.8.23.0.ebuild, +asterisk-1.8.23.1.ebuild, + -asterisk-11.4.0.ebuild, -asterisk-11.5.0.ebuild, +asterisk-11.5.1.ebuild, + +files/1.8.0/asterisk.initd7: + Security upgrades for AST-2013-004 & AST-2013-005 on both branches. + Behavioral improvements for G729 VAD, closes bug #480928. Add missed + ownership checks to init script, closes bug #482688. Both by Jaco Kroon. + Removed all insecure non-stable ebuilds.
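Review bot: The line "Add missed ownership checks to init script, closes bug #482688" does not say which path gained the check; naming the spool directory there would let someone searching the ChangeLog match it to the new files/1.8.0/asterisk.initd7 without opening the bug. The same entry also carries the AST-2013-004 and AST-2013-005 security upgrades, the G729 VAD change and the removal of older ebuilds, so the init script change cannot be backed out on its own; a separate entry for the init script would keep it independent of the security bump.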