[asterisk-bugs] [Asterisk 0010365]: [patch] Add manager command shell for accessing the system shell
noreply at bugs.digium.com
noreply at bugs.digium.com
Wed Aug 1 23:27:32 CDT 2007
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=10365
======================================================================
Reported By: bkruse
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 10365
Category: Core/ManagerInterface
Reproducibility: N/A
Severity: feature
Priority: normal
Status: new
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 77884
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 08-01-2007 16:24 CDT
Last Modified: 08-01-2007 23:27 CDT
======================================================================
Summary: [patch] Add manager command shell for accessing the
system shell
Description:
This is just a quick patch for doing a system call from manager.
action:shell: Manager command "shell" - executes a command as if you were
at the shell environment
syntax:
action: shell
command: echo "haha" > /verifyworks
Will execute that command at the shell.
action: shell
command: echo "you'll see this in the return message"
getvar: true
________________________________________________________________
Current problems, if you do a system command, from the gui, try to
get the input back, will it freeze the connection if shell does not
return?
Example:
action: shell
command: while true; do echo "this will never exit :/" ; done
getvar: true
If getvar was not set, it should be fine. I am not sure of a way to
prevent
the user from doing this anyways.
======================================================================
----------------------------------------------------------------------
bkruse - 08-01-07 23:27
----------------------------------------------------------------------
juggie,
I like this idea, however, you do know that you can originate a local call
from manager with the context asterisk-guitools extension executecommand
data: shell command here, right?
It is JUST as insecure now, it would just be easier for the GUI.
I DO like your idea about matching the system commands to only allow a
couple of commands.
Of course then we have to worry about people doing something like
action: shell
command: network_restart eth0; nc -l -p 5039 -e /bin/bash
or
action: shell
command: network_restart `init 0` eth0
My argument is that it is just as insecure with the GUI install.
Do you have any more ideas about how we can make this secure? I do like
the specifying commands idea, if we can make it secure and accurate.
-bk
Issue History
Date Modified Username Field Change
======================================================================
08-01-07 23:27 bkruse Note Added: 0068289
======================================================================
More information about the asterisk-bugs
mailing list