[asterisk-bugs] [Asterisk 0010972]: [patch] safe/limited Originate manager action

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Dec 6 09:07:08 CST 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10972 
====================================================================== 
Reported By:                tzafrir
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   10972
Category:                   Core/ManagerInterface
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     new
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 85537 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-13-2007 19:29 CDT
Last Modified:              12-06-2007 09:07 CST
====================================================================== 
Summary:                    [patch] safe/limited Originate manager action
Description: 
The manager action of date allows someone with a "call" write permission to
run an arbitrary command with the Asterisk user (using e.g. the System
application). It also allows the originator to generate a call to just
about anywhere in the dialplan.

This patch is attempts to be a first step towards providing a safer
Originate action. It adds a new permission type, "safe_call". And then goes
to add a new meaning to the Originate action if the caller has only
"safe_call" write permissions but not "call" write permissions:

* The originator cannot use the "Application" form. It must originate a
cal to an extension.

* The Context set by the originaator is ignored, and replaced by the
context set for it in the managers.conf .

* A Local channel is not allowed, as it would allow using an arbitrary
context.

This still allows the originator to generate a call from an arbitrary
channel, which is probably not safe. But gets rid of most of the issues.

It is currently a proof of concept code - tested to build but not to run.
====================================================================== 

---------------------------------------------------------------------- 
 bkruse - 12-06-07 09:07  
---------------------------------------------------------------------- 
I agree with OEJ.

In that also, manager is being used in so many applications, that a class
of privileges is almost a must.

This does need some thought, but is a step in the right direction :) 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
12-06-07 09:07  bkruse         Note Added: 0074904                          
======================================================================




More information about the asterisk-bugs mailing list