[asterisk-commits] tilghman: trunk r104039 - in /trunk: ./ doc/ include/asterisk/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Feb 22 16:55:36 CST 2008


Author: tilghman
Date: Fri Feb 22 16:55:35 2008
New Revision: 104039

URL: http://svn.digium.com/view/asterisk?view=rev&rev=104039
Log:
Move Originate to a separate privilege and require the additional System privilege to call out to a subshell.

Modified:
    trunk/CHANGES
    trunk/UPGRADE.txt
    trunk/doc/manager_1_1.txt
    trunk/include/asterisk/manager.h
    trunk/main/manager.c

Modified: trunk/CHANGES
URL: http://svn.digium.com/view/asterisk/trunk/CHANGES?view=diff&rev=104039&r1=104038&r2=104039
==============================================================================
--- trunk/CHANGES (original)
+++ trunk/CHANGES Fri Feb 22 16:55:35 2008
@@ -48,6 +48,9 @@
   * Updated action newcat to allow new category to be inserted in file above another
     existing category.
   * Added new event "JitterBufStats" in the IAX2 channel
+  * Originate now requires the Originate privilege and, if you want to call out
+    to a subshell, it requires the System privilege, as well.  This was done to
+    enhance manager security.
 
 Dialplan functions
 ------------------

Modified: trunk/UPGRADE.txt
URL: http://svn.digium.com/view/asterisk/trunk/UPGRADE.txt?view=diff&rev=104039&r1=104038&r2=104039
==============================================================================
--- trunk/UPGRADE.txt (original)
+++ trunk/UPGRADE.txt Fri Feb 22 16:55:35 2008
@@ -178,3 +178,6 @@
    change your manager.conf to add the level to existing AMI users, if they
    want to see the CDR events generated.
 
+* The Originate command now requires the Originate write permission.  For
+   Originate with the Application parameter, you need the additional System
+   privilege if you want to do anything that calls out to a subshell.

Modified: trunk/doc/manager_1_1.txt
URL: http://svn.digium.com/view/asterisk/trunk/doc/manager_1_1.txt?view=diff&rev=104039&r1=104038&r2=104039
==============================================================================
--- trunk/doc/manager_1_1.txt (original)
+++ trunk/doc/manager_1_1.txt Fri Feb 22 16:55:35 2008
@@ -114,6 +114,11 @@
 	Added new headers for SayEnvelope, SayCID, AttachMessage, CanReview
         and CallOperator voicemail configuration settings.
 
+- Action Originate
+	Now requires the new Originate privilege.
+	If you call out to a subshell in Originate with the Application parameter,
+		you now also need the System privilege.
+
 * NEW ACTIONS
 -------------
 - Action: ModuleLoad

Modified: trunk/include/asterisk/manager.h
URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/manager.h?view=diff&rev=104039&r1=104038&r2=104039
==============================================================================
--- trunk/include/asterisk/manager.h (original)
+++ trunk/include/asterisk/manager.h Fri Feb 22 16:55:35 2008
@@ -69,6 +69,7 @@
 #define EVENT_FLAG_REPORTING		(1 << 9) /* Reporting events such as rtcp sent */
 #define EVENT_FLAG_CDR			(1 << 10) /* CDR events */
 #define EVENT_FLAG_DIALPLAN		(1 << 11) /* Dialplan events (VarSet, NewExten) */
+#define EVENT_FLAG_ORIGINATE	(1 << 12) /* Originate a call to an extension */
 /*@} */
 
 /*! \brief Export manager structures */

Modified: trunk/main/manager.c
URL: http://svn.digium.com/view/asterisk/trunk/main/manager.c?view=diff&rev=104039&r1=104038&r2=104039
==============================================================================
--- trunk/main/manager.c (original)
+++ trunk/main/manager.c Fri Feb 22 16:55:35 2008
@@ -328,6 +328,7 @@
 	{ EVENT_FLAG_REPORTING, "reporting" },
 	{ EVENT_FLAG_CDR, "cdr" },
 	{ EVENT_FLAG_DIALPLAN, "dialplan" },
+	{ EVENT_FLAG_ORIGINATE, "originate" },
 	{ -1, "all" },
 	{ 0, "none" },
 };
@@ -2156,8 +2157,23 @@
 			}
 		}
 	} else if (!ast_strlen_zero(app)) {
+		/* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
+		if (!(s->writeperm & EVENT_FLAG_SYSTEM)
+			&& (
+				strcasestr(app, "system") == 0 || /* System(rm -rf /)
+				                                     TrySystem(rm -rf /)       */
+				strcasestr(app, "exec") ||        /* Exec(System(rm -rf /))
+				                                     TryExec(System(rm -rf /)) */
+				strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
+				                                     EAGI(/bin/rm,-rf /)       */
+				strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
+				strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+				)) {
+			astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have.");
+			return 0;
+		}
 		res = ast_pbx_outgoing_app(tech, AST_FORMAT_SLINEAR, data, to, app, appdata, &reason, 1, l, n, vars, account, NULL);
-    	} else {
+	} else {
 		if (exten && context && pi)
 			res = ast_pbx_outgoing_exten(tech, AST_FORMAT_SLINEAR, data, to, context, exten, pi, &reason, 1, l, n, vars, account, NULL);
 		else {
@@ -3641,7 +3657,7 @@
 		ast_manager_register2("CreateConfig", EVENT_FLAG_CONFIG, action_createconfig, "Creates an empty file in the configuration directory", mandescr_createconfig);
 		ast_manager_register2("ListCategories", EVENT_FLAG_CONFIG, action_listcategories, "List categories in configuration file", mandescr_listcategories);
 		ast_manager_register2("Redirect", EVENT_FLAG_CALL, action_redirect, "Redirect (transfer) a call", mandescr_redirect );
-		ast_manager_register2("Originate", EVENT_FLAG_CALL, action_originate, "Originate Call", mandescr_originate);
+		ast_manager_register2("Originate", EVENT_FLAG_ORIGINATE, action_originate, "Originate Call", mandescr_originate);
 		ast_manager_register2("Command", EVENT_FLAG_COMMAND, action_command, "Execute Asterisk CLI Command", mandescr_command );
 		ast_manager_register2("ExtensionState", EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, action_extensionstate, "Check Extension Status", mandescr_extensionstate );
 		ast_manager_register2("AbsoluteTimeout", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, action_timeout, "Set Absolute Timeout", mandescr_timeout );




More information about the asterisk-commits mailing list