[Asterisk-Dev] Security of Asterisk shell out (Was: is this a bug?)

Matt Riddell matt.riddell at sineapps.com
Wed Jan 26 14:12:24 MST 2005


Aaron S. Joyner wrote:
>  From a security-minded standpoint, is there a way to disable this 
> functionality, either from the config file or startup arguments?  I 

This is a perfect example of a topic for the Asterisk-Security list.

> don't personally think it's a good idea, but it's not beyond the realm 
> of possibility that someone might consider providing the Asterisk CLI as 
> a user's shell, in order to allow them limited administrative access.  A 
> hypothetical example might be a manager or tech support representative 
> being allowed CLI access to be able to execute "sip show peers", or the 

This sounds like a terrible idea.  That's like saying "I'll give the 
manager root access on my box so he can check his email".

Why not run my AstWinPeers program so that he can see the result of "sip 
show peers" in a graph?

> like.  The ability to turn off direct access to a shell might be 
> desirable, to limit their ability to easily affect the rest of the 
> system, or at least require more complicated abuse to get shell-level 
> access.

Dude, if someone's got full access to your console (assuming you are 
only running Asterisk on the box, as you should be), they could kill the 
whole purpose of the box anyway, regardless of whether or not the shell 
is present.

>... and even having such an option (to prevent shelling out) 
> would potentially encourage bad security practices.

Quite the reverse I'd say.  I think if you thought it was safe to let 
your manager or an outsider into your console, you'd do it.  We'd even 
be better off allowing you to do as much as possible from the console so 
as to prevent people from even considering letting anyone have access to it.

-- 
Cheers,

Matt Riddell
_______________________________________________

http://www.sineapps.com/news.php (Daily Asterisk News - html)
http://www.sineapps.com/rssfeed.php (Daily Asterisk News - rss)
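The alternative Matt is arguing for above (hand the manager a narrow tool, never the console) can be written down as a small wrapper. This is an added example for this page, not code from the post, from sineapps or from the Asterisk project. It assumes the asterisk binary at the hypothetical path in ASTERISK_BIN and that the wrapper is the only command the low-privilege user is granted through sudoers (a hypothetical sudoers line is shown in a comment). The Asterisk CLI runs a shell command when a line starts with "!", so the allowlist matches whole command strings and never forwards anything it does not recognise; asterisk is invoked with -r (remote console) and -x (run one command and exit), so no interactive console is ever handed out.

```shell
#!/bin/sh
# Added example (not from the mailing list post or the Asterisk project):
# a restricted wrapper that lets a low-privilege user run a fixed set of
# read-only Asterisk CLI commands without reaching the console or its
# "!" shell escape.  ASTERISK_BIN is a hypothetical path; adjust for
# the installation.

ASTERISK_BIN="${ASTERISK_BIN:-/usr/sbin/asterisk}"

# Allowlist of exact CLI command strings.  Matching is on the whole
# string, so "!ls", "sip show peers; !id" and "sip show peers !ls" are
# all refused rather than parsed or partially honoured.
cli_allowed() {
    case "$1" in
        "sip show peers"|"sip show registry"|"show channels")
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Run one allowed command through the remote console (-r) in one-shot
# mode (-x).  Returns 2 when the command is not on the allowlist, and
# otherwise the exit status of asterisk itself.
run_cli() {
    cmd="$1"
    if ! cli_allowed "$cmd"; then
        echo "refused: '$cmd' is not an allowed CLI command" >&2
        return 2
    fi
    "$ASTERISK_BIN" -rx "$cmd"
}

# Entry point when run as a script: the command comes from argv.
# Intended to be the only command granted via sudo, e.g. a hypothetical
# sudoers line:
#   manager ALL=(root) NOPASSWD: /usr/local/bin/ast-readonly "sip show peers"
if [ $# -gt 0 ]; then
    run_cli "$1"
fi
```

The point of the exact-match allowlist is that the wrapper never has to understand Asterisk CLI syntax: anything not literally on the list, including a leading "!" or a command with extra trailing text, is refused before asterisk is ever called.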