Problem
Tools/UpdateActivation.php:32 creates a log file at /tmp/frogman-activation-{timestamp}.log for each background activation refresh, then never deletes it. No retention limit; files accumulate over time.
Two concerns:
- Disk fill over time — small files, but they accumulate indefinitely.
- Info disclosure if /tmp is multi-tenant readable — fwconsole output can include paths, errors, diagnostic info. /tmp is single-tenant on standard FreePBX boxes, so this is mostly theoretical.
Fix
Either:
- Cleanup at start of next run — sweep
/tmp/frogman-activation-*.log older than 24h before creating the new one.
- OR write to a frogman-owned dir with a periodic sweep, similar to how
SipTrace already handles its own /tmp lifecycle correctly (audit confirmed SipTrace cleans up its meta + pgid + trace files on stop and auto-stops after timeout).
Files
Tools/UpdateActivation.php:32
Discovered
Internal security audit, 2026-05-18.
Problem
Tools/UpdateActivation.php:32creates a log file at/tmp/frogman-activation-{timestamp}.logfor each background activation refresh, then never deletes it. No retention limit; files accumulate over time.Two concerns:
Fix
Either:
/tmp/frogman-activation-*.logolder than 24h before creating the new one.SipTracealready handles its own /tmp lifecycle correctly (audit confirmed SipTrace cleans up its meta + pgid + trace files on stop and auto-stops after timeout).Files
Tools/UpdateActivation.php:32Discovered
Internal security audit, 2026-05-18.