[asterisk-commits] bebuild: tag 1.8.15.1 r372058 - in /tags/1.8.15.1: ./ channels/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Aug 30 14:17:18 CDT 2012


Author: bebuild
Date: Thu Aug 30 14:17:13 2012
New Revision: 372058

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=372058
Log:
Commit fixes for AST-2012-012, AST-2012-013

Removed:
    tags/1.8.15.1/asterisk-1.8.15.0-summary.html
    tags/1.8.15.1/asterisk-1.8.15.0-summary.txt
Modified:
    tags/1.8.15.1/   (props changed)
    tags/1.8.15.1/.version
    tags/1.8.15.1/ChangeLog
    tags/1.8.15.1/README-SERIOUSLY.bestpractices.txt
    tags/1.8.15.1/channels/chan_iax2.c
    tags/1.8.15.1/main/manager.c

Propchange: tags/1.8.15.1/
------------------------------------------------------------------------------
    svn:mergeinfo = /branches/1.8:371998,372015

Modified: tags/1.8.15.1/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.15.1/.version?view=diff&rev=372058&r1=372057&r2=372058
==============================================================================
--- tags/1.8.15.1/.version (original)
+++ tags/1.8.15.1/.version Thu Aug 30 14:17:13 2012
@@ -1,1 +1,1 @@
-1.8.15.0
+1.8.15.1

Modified: tags/1.8.15.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.15.1/ChangeLog?view=diff&rev=372058&r1=372057&r2=372058
==============================================================================
--- tags/1.8.15.1/ChangeLog (original)
+++ tags/1.8.15.1/ChangeLog Thu Aug 30 14:17:13 2012
@@ -1,3 +1,13 @@
+2012-08-30  Asterisk Development Team <asteriskteam at digium.com>
+
+	* Asterisk 1.8.15.1 Released.
+
+	* AST-2012-013: Resolve ACL rules being ignored during calls by some
+	  IAX2 peers
+
+	* AST-2012-012: Resolve AMI User Unauthorized Shell Access through
+	  ExternalIVR
+
 2012-07-30  Asterisk Development Team <asteriskteam at digium.com>
 
 	* Asterisk 1.8.15.0 Released.

Modified: tags/1.8.15.1/README-SERIOUSLY.bestpractices.txt
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.15.1/README-SERIOUSLY.bestpractices.txt?view=diff&rev=372058&r1=372057&r2=372058
==============================================================================
--- tags/1.8.15.1/README-SERIOUSLY.bestpractices.txt (original)
+++ tags/1.8.15.1/README-SERIOUSLY.bestpractices.txt Thu Aug 30 14:17:13 2012
@@ -22,6 +22,9 @@
 
 * Reducing Pattern Match Typos: 
         Using the 'same' prefix, or using Goto()
+
+* Manager Class Authorizations:
+        Recognizing potential issues with certain classes of authorization
 
 ----------------
 Additional Links
@@ -293,3 +296,51 @@
 exten => error,1,Verbose(2,Unable to lookup technology or device for extension)
 same => n,Playback(silence/1&num-not-in-db)
 same => n,Hangup()
+
+
+============================
+Manager Class Authorizations
+============================
+
+Manager accounts have associated class authorizations that define what actions
+and events that account can execute/receive.  In order to run Asterisk commands
+or dialplan applications that affect the system Asterisk executes on, the
+"system" class authorization should be set on the account.
+
+However, Manager commands that originate new calls into the Asterisk dialplan
+have the potential to alter or affect the system as well, even though the
+class authorization for origination commands is "originate".  Take, for example,
+the Originate manager command:
+
+Action: Originate
+Channel: SIP/foo
+Exten: s
+Context: default
+Priority: 1
+Application: System
+Data: echo hello world!
+
+This manager command will attempt to execute an Asterisk application, System,
+which is normally associated with the "system" class authorication.  While some
+checks have been put into Asterisk to take this into account, certain dialplan
+configurations and/or clever manipulation of the Originate manager action can
+circumvent these checks.  For example, take the following dialplan:
+
+exten => s,1,Verbose(Incoming call)
+same => n,MixMonitor(foo.wav,,${EXEC_COMMAND})
+same => n,Dial(SIP/bar)
+same => n,Hangup()
+
+Whatever has been defined in the variable EXEC_COMMAND will be executed after
+MixMonitor has finished recording the call.  The dialplan writer may have
+intended that this variable to be set by some other location in the dialplan;
+however, the Manager action Originate allows for channel variables to be set by
+the account initiating the new call.  This could allow the Originate action to
+execute some command on the system by setting the EXEC_COMMAND dialplan variable
+in the Variable: header.
+
+In general, you should treat the Manager class authorization "originate" the
+same as the class authorization "system".  Good system configuration, such as
+not running Asterisk as root, can prevent serious problems from arising when
+allowing external connections to originate calls into Asterisk.
+

Modified: tags/1.8.15.1/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.15.1/channels/chan_iax2.c?view=diff&rev=372058&r1=372057&r2=372058
==============================================================================
--- tags/1.8.15.1/channels/chan_iax2.c (original)
+++ tags/1.8.15.1/channels/chan_iax2.c Thu Aug 30 14:17:13 2012
@@ -7618,10 +7618,10 @@
 	i = ao2_iterator_init(users, 0);
 	while ((user = ao2_iterator_next(&i))) {
 		if ((ast_strlen_zero(iaxs[callno]->username) ||				/* No username specified */
-			!strcmp(iaxs[callno]->username, user->name))	/* Or this username specified */
-			&& ast_apply_ha(user->ha, &addr) 	/* Access is permitted from this IP */
+			!strcmp(iaxs[callno]->username, user->name))			/* Or this username specified */
+			&& ast_apply_ha(user->ha, &addr) == AST_SENSE_ALLOW		/* Access is permitted from this IP */
 			&& (ast_strlen_zero(iaxs[callno]->context) ||			/* No context specified */
-			     apply_context(user->contexts, iaxs[callno]->context))) {			/* Context is permitted */
+				apply_context(user->contexts, iaxs[callno]->context))) {			/* Context is permitted */
 			if (!ast_strlen_zero(iaxs[callno]->username)) {
 				/* Exact match, stop right now. */
 				if (best)
@@ -7677,8 +7677,9 @@
 	user = best;
 	if (!user && !ast_strlen_zero(iaxs[callno]->username)) {
 		user = realtime_user(iaxs[callno]->username, sin);
-		if (user && !ast_strlen_zero(iaxs[callno]->context) &&			/* No context specified */
-		    !apply_context(user->contexts, iaxs[callno]->context)) {		/* Context is permitted */
+		if (user && (ast_apply_ha(user->ha, &addr) == AST_SENSE_DENY		/* Access is denied from this IP */
+			|| (!ast_strlen_zero(iaxs[callno]->context) &&					/* No context specified */
+				!apply_context(user->contexts, iaxs[callno]->context)))) {	/* Context is permitted */
 			user = user_unref(user);
 		}
 	}

Modified: tags/1.8.15.1/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.15.1/main/manager.c?view=diff&rev=372058&r1=372057&r2=372058
==============================================================================
--- tags/1.8.15.1/main/manager.c (original)
+++ tags/1.8.15.1/main/manager.c Thu Aug 30 14:17:13 2012
@@ -4083,6 +4083,7 @@
 				strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
 				                                     EAGI(/bin/rm,-rf /)       */
 				strcasestr(app, "mixmonitor") ||  /* MixMonitor(blah,,rm -rf)  */
+				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
 				(strstr(appdata, "SHELL") && (bad_appdata = 1)) ||       /* NoOp(${SHELL(rm -rf /)})  */
 				(strstr(appdata, "EVAL") && (bad_appdata = 1))           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
 				)) {




More information about the asterisk-commits mailing list