[asterisk-commits] bebuild: tag certified-1.8.11-cert7 r372082 - in /certified/tags/1.8.11-cert7...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Aug 30 14:23:31 CDT 2012


Author: bebuild
Date: Thu Aug 30 14:23:27 2012
New Revision: 372082

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=372082
Log:
Merge changes for AST-2012-012,AST-2012-013

Removed:
    certified/tags/1.8.11-cert7/certified-asterisk-1.8.11-cert6-summary.html
    certified/tags/1.8.11-cert7/certified-asterisk-1.8.11-cert6-summary.txt
Modified:
    certified/tags/1.8.11-cert7/   (props changed)
    certified/tags/1.8.11-cert7/.version
    certified/tags/1.8.11-cert7/ChangeLog
    certified/tags/1.8.11-cert7/README-SERIOUSLY.bestpractices.txt
    certified/tags/1.8.11-cert7/channels/chan_iax2.c
    certified/tags/1.8.11-cert7/main/manager.c

Propchange: certified/tags/1.8.11-cert7/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Propchange: certified/tags/1.8.11-cert7/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Aug 30 14:23:27 2012
@@ -1,1 +1,2 @@
 /branches/1.8:357665,358162,359656,359706,359979,360086,360884,367781,367843,368604,368759
+/certified/branches/1.8.11:372030

Modified: certified/tags/1.8.11-cert7/.version
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.11-cert7/.version?view=diff&rev=372082&r1=372081&r2=372082
==============================================================================
--- certified/tags/1.8.11-cert7/.version (original)
+++ certified/tags/1.8.11-cert7/.version Thu Aug 30 14:23:27 2012
@@ -1,1 +1,1 @@
-1.8.11-cert6
+1.8.11-cert7

Modified: certified/tags/1.8.11-cert7/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.11-cert7/ChangeLog?view=diff&rev=372082&r1=372081&r2=372082
==============================================================================
--- certified/tags/1.8.11-cert7/ChangeLog (original)
+++ certified/tags/1.8.11-cert7/ChangeLog Thu Aug 30 14:23:27 2012
@@ -1,3 +1,13 @@
+2012-08-30  Asterisk Development Team <asteriskteam at digium.com>
+
+        * Asterisk 1.8.11-cert7 Released.
+	
+        * AST-2012-013: Resolve ACL rules being ignored during calls by some
+          IAX2 peers
+			  
+        * AST-2012-012: Resolve AMI User Unauthorized Shell Access through
+          ExternalIVR
+
 2012-08-24  Asterisk Development Team <asteriskteam at digium.com>
 
 	* Certified Asterisk 1.8.11-cert6 Released.

Modified: certified/tags/1.8.11-cert7/README-SERIOUSLY.bestpractices.txt
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.11-cert7/README-SERIOUSLY.bestpractices.txt?view=diff&rev=372082&r1=372081&r2=372082
==============================================================================
--- certified/tags/1.8.11-cert7/README-SERIOUSLY.bestpractices.txt (original)
+++ certified/tags/1.8.11-cert7/README-SERIOUSLY.bestpractices.txt Thu Aug 30 14:23:27 2012
@@ -22,6 +22,9 @@
 
 * Reducing Pattern Match Typos: 
         Using the 'same' prefix, or using Goto()
+
+* Manager Class Authorizations:
+        Recognizing potential issues with certain classes of authorization
 
 ----------------
 Additional Links
@@ -293,3 +296,51 @@
 exten => error,1,Verbose(2,Unable to lookup technology or device for extension)
 same => n,Playback(silence/1&num-not-in-db)
 same => n,Hangup()
+
+
+============================
+Manager Class Authorizations
+============================
+
+Manager accounts have associated class authorizations that define what actions
+and events that account can execute/receive.  In order to run Asterisk commands
+or dialplan applications that affect the system Asterisk executes on, the
+"system" class authorization should be set on the account.
+
+However, Manager commands that originate new calls into the Asterisk dialplan
+have the potential to alter or affect the system as well, even though the
+class authorization for origination commands is "originate".  Take, for example,
+the Originate manager command:
+
+Action: Originate
+Channel: SIP/foo
+Exten: s
+Context: default
+Priority: 1
+Application: System
+Data: echo hello world!
+
+This manager command will attempt to execute an Asterisk application, System,
+which is normally associated with the "system" class authorication.  While some
+checks have been put into Asterisk to take this into account, certain dialplan
+configurations and/or clever manipulation of the Originate manager action can
+circumvent these checks.  For example, take the following dialplan:
+
+exten => s,1,Verbose(Incoming call)
+same => n,MixMonitor(foo.wav,,${EXEC_COMMAND})
+same => n,Dial(SIP/bar)
+same => n,Hangup()
+
+Whatever has been defined in the variable EXEC_COMMAND will be executed after
+MixMonitor has finished recording the call.  The dialplan writer may have
+intended that this variable to be set by some other location in the dialplan;
+however, the Manager action Originate allows for channel variables to be set by
+the account initiating the new call.  This could allow the Originate action to
+execute some command on the system by setting the EXEC_COMMAND dialplan variable
+in the Variable: header.
+
+In general, you should treat the Manager class authorization "originate" the
+same as the class authorization "system".  Good system configuration, such as
+not running Asterisk as root, can prevent serious problems from arising when
+allowing external connections to originate calls into Asterisk.
+

Modified: certified/tags/1.8.11-cert7/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.11-cert7/channels/chan_iax2.c?view=diff&rev=372082&r1=372081&r2=372082
==============================================================================
--- certified/tags/1.8.11-cert7/channels/chan_iax2.c (original)
+++ certified/tags/1.8.11-cert7/channels/chan_iax2.c Thu Aug 30 14:23:27 2012
@@ -7615,10 +7615,10 @@
 	i = ao2_iterator_init(users, 0);
 	while ((user = ao2_iterator_next(&i))) {
 		if ((ast_strlen_zero(iaxs[callno]->username) ||				/* No username specified */
-			!strcmp(iaxs[callno]->username, user->name))	/* Or this username specified */
-			&& ast_apply_ha(user->ha, &addr) 	/* Access is permitted from this IP */
+			!strcmp(iaxs[callno]->username, user->name))			/* Or this username specified */
+			&& ast_apply_ha(user->ha, &addr) == AST_SENSE_ALLOW		/* Access is permitted from this IP */
 			&& (ast_strlen_zero(iaxs[callno]->context) ||			/* No context specified */
-			     apply_context(user->contexts, iaxs[callno]->context))) {			/* Context is permitted */
+				apply_context(user->contexts, iaxs[callno]->context))) {			/* Context is permitted */
 			if (!ast_strlen_zero(iaxs[callno]->username)) {
 				/* Exact match, stop right now. */
 				if (best)
@@ -7674,8 +7674,9 @@
 	user = best;
 	if (!user && !ast_strlen_zero(iaxs[callno]->username)) {
 		user = realtime_user(iaxs[callno]->username, sin);
-		if (user && !ast_strlen_zero(iaxs[callno]->context) &&			/* No context specified */
-		    !apply_context(user->contexts, iaxs[callno]->context)) {		/* Context is permitted */
+		if (user && (ast_apply_ha(user->ha, &addr) == AST_SENSE_DENY		/* Access is denied from this IP */
+			|| (!ast_strlen_zero(iaxs[callno]->context) &&					/* No context specified */
+				!apply_context(user->contexts, iaxs[callno]->context)))) {	/* Context is permitted */
 			user = user_unref(user);
 		}
 	}

Modified: certified/tags/1.8.11-cert7/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/1.8.11-cert7/main/manager.c?view=diff&rev=372082&r1=372081&r2=372082
==============================================================================
--- certified/tags/1.8.11-cert7/main/manager.c (original)
+++ certified/tags/1.8.11-cert7/main/manager.c Thu Aug 30 14:23:27 2012
@@ -4065,6 +4065,7 @@
 				strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
 				                                     EAGI(/bin/rm,-rf /)       */
 				strcasestr(app, "mixmonitor") ||  /* MixMonitor(blah,,rm -rf)  */
+				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
 				(strstr(appdata, "SHELL") && (bad_appdata = 1)) ||       /* NoOp(${SHELL(rm -rf /)})  */
 				(strstr(appdata, "EVAL") && (bad_appdata = 1))           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
 				)) {




More information about the asterisk-commits mailing list