[asterisk-commits] bebuild: tag 10.7.1 r372057 - in /tags/10.7.1: ./ channels/ main/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Aug 30 14:16:57 CDT 2012
Author: bebuild
Date: Thu Aug 30 14:16:53 2012
New Revision: 372057
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=372057
Log:
Commit fixes for AST-2012-012, AST-2012-013
Removed:
tags/10.7.1/asterisk-10.7.0-summary.html
tags/10.7.1/asterisk-10.7.0-summary.txt
Modified:
tags/10.7.1/ (props changed)
tags/10.7.1/.version
tags/10.7.1/ChangeLog
tags/10.7.1/README-SERIOUSLY.bestpractices.txt
tags/10.7.1/channels/chan_iax2.c
tags/10.7.1/main/manager.c
Propchange: tags/10.7.1/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.
Propchange: tags/10.7.1/
------------------------------------------------------------------------------
svn:mergeinfo = /branches/10:371999,372020
Modified: tags/10.7.1/.version
URL: http://svnview.digium.com/svn/asterisk/tags/10.7.1/.version?view=diff&rev=372057&r1=372056&r2=372057
==============================================================================
--- tags/10.7.1/.version (original)
+++ tags/10.7.1/.version Thu Aug 30 14:16:53 2012
@@ -1,1 +1,1 @@
-10.7.0
+10.7.1
Modified: tags/10.7.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/10.7.1/ChangeLog?view=diff&rev=372057&r1=372056&r2=372057
==============================================================================
--- tags/10.7.1/ChangeLog (original)
+++ tags/10.7.1/ChangeLog Thu Aug 30 14:16:53 2012
@@ -1,3 +1,13 @@
+2012-08-30 Asterisk Development Team <asteriskteam at digium.com>
+
+ * Asterisk 10.7.1 Released.
+
+ * AST-2012-013: Resolve ACL rules being ignored during calls by some
+ IAX2 peers
+
+ * AST-2012-012: Resolve AMI User Unauthorized Shell Access through
+ ExternalIVR
+
2012-07-30 Asterisk Development Team <asteriskteam at digium.com>
* Asterisk 10.7.0 Released.
Modified: tags/10.7.1/README-SERIOUSLY.bestpractices.txt
URL: http://svnview.digium.com/svn/asterisk/tags/10.7.1/README-SERIOUSLY.bestpractices.txt?view=diff&rev=372057&r1=372056&r2=372057
==============================================================================
--- tags/10.7.1/README-SERIOUSLY.bestpractices.txt (original)
+++ tags/10.7.1/README-SERIOUSLY.bestpractices.txt Thu Aug 30 14:16:53 2012
@@ -22,6 +22,9 @@
* Reducing Pattern Match Typos:
Using the 'same' prefix, or using Goto()
+
+* Manager Class Authorizations:
+ Recognizing potential issues with certain classes of authorization
----------------
Additional Links
@@ -293,3 +296,51 @@
exten => error,1,Verbose(2,Unable to lookup technology or device for extension)
same => n,Playback(silence/1&num-not-in-db)
same => n,Hangup()
+
+
+============================
+Manager Class Authorizations
+============================
+
+Manager accounts have associated class authorizations that define what actions
+and events that account can execute/receive. In order to run Asterisk commands
+or dialplan applications that affect the system Asterisk executes on, the
+"system" class authorization should be set on the account.
+
+However, Manager commands that originate new calls into the Asterisk dialplan
+have the potential to alter or affect the system as well, even though the
+class authorization for origination commands is "originate". Take, for example,
+the Originate manager command:
+
+Action: Originate
+Channel: SIP/foo
+Exten: s
+Context: default
+Priority: 1
+Application: System
+Data: echo hello world!
+
+This manager command will attempt to execute an Asterisk application, System,
+which is normally associated with the "system" class authorication. While some
+checks have been put into Asterisk to take this into account, certain dialplan
+configurations and/or clever manipulation of the Originate manager action can
+circumvent these checks. For example, take the following dialplan:
+
+exten => s,1,Verbose(Incoming call)
+same => n,MixMonitor(foo.wav,,${EXEC_COMMAND})
+same => n,Dial(SIP/bar)
+same => n,Hangup()
+
+Whatever has been defined in the variable EXEC_COMMAND will be executed after
+MixMonitor has finished recording the call. The dialplan writer may have
+intended that this variable to be set by some other location in the dialplan;
+however, the Manager action Originate allows for channel variables to be set by
+the account initiating the new call. This could allow the Originate action to
+execute some command on the system by setting the EXEC_COMMAND dialplan variable
+in the Variable: header.
+
+In general, you should treat the Manager class authorization "originate" the
+same as the class authorization "system". Good system configuration, such as
+not running Asterisk as root, can prevent serious problems from arising when
+allowing external connections to originate calls into Asterisk.
+
Modified: tags/10.7.1/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/tags/10.7.1/channels/chan_iax2.c?view=diff&rev=372057&r1=372056&r2=372057
==============================================================================
--- tags/10.7.1/channels/chan_iax2.c (original)
+++ tags/10.7.1/channels/chan_iax2.c Thu Aug 30 14:16:53 2012
@@ -7725,10 +7725,10 @@
i = ao2_iterator_init(users, 0);
while ((user = ao2_iterator_next(&i))) {
if ((ast_strlen_zero(iaxs[callno]->username) || /* No username specified */
- !strcmp(iaxs[callno]->username, user->name)) /* Or this username specified */
- && ast_apply_ha(user->ha, &addr) /* Access is permitted from this IP */
+ !strcmp(iaxs[callno]->username, user->name)) /* Or this username specified */
+ && ast_apply_ha(user->ha, &addr) == AST_SENSE_ALLOW /* Access is permitted from this IP */
&& (ast_strlen_zero(iaxs[callno]->context) || /* No context specified */
- apply_context(user->contexts, iaxs[callno]->context))) { /* Context is permitted */
+ apply_context(user->contexts, iaxs[callno]->context))) { /* Context is permitted */
if (!ast_strlen_zero(iaxs[callno]->username)) {
/* Exact match, stop right now. */
if (best)
@@ -7784,8 +7784,9 @@
user = best;
if (!user && !ast_strlen_zero(iaxs[callno]->username)) {
user = realtime_user(iaxs[callno]->username, sin);
- if (user && !ast_strlen_zero(iaxs[callno]->context) && /* No context specified */
- !apply_context(user->contexts, iaxs[callno]->context)) { /* Context is permitted */
+ if (user && (ast_apply_ha(user->ha, &addr) == AST_SENSE_DENY /* Access is denied from this IP */
+ || (!ast_strlen_zero(iaxs[callno]->context) && /* No context specified */
+ !apply_context(user->contexts, iaxs[callno]->context)))) { /* Context is permitted */
user = user_unref(user);
}
}
Modified: tags/10.7.1/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/10.7.1/main/manager.c?view=diff&rev=372057&r1=372056&r2=372057
==============================================================================
--- tags/10.7.1/main/manager.c (original)
+++ tags/10.7.1/main/manager.c Thu Aug 30 14:16:53 2012
@@ -4138,6 +4138,7 @@
strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /)
EAGI(/bin/rm,-rf /) */
strcasestr(app, "mixmonitor") || /* MixMonitor(blah,,rm -rf) */
+ strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf) */
(strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */
(strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
)) {
More information about the asterisk-commits
mailing list