[asterisk-dev] security model of the manager interface

Tzafrir Cohen tzafrir.cohen at xorcom.com
Fri Apr 20 17:44:08 MST 2007


I was trying to think about the security model of the asterisk-gui, and
quickly realised that it generally gives any user who has been granted
manager interface access full control of Asterisk.

Then I realised that with the current granularity of permissions in the
manager interface, whoever has either the "config" permission or the
"call" write permission has practically full control of Asterisk.

(if you have the 'call' write permission you can originate a call to the
application System, and you can also inspect other channels and such).

How can we use the manager interface to grant partial access? Two
examples of such partial access:

1. http://outcall.sourceforge.net/ : a nice client which has been
recently released as free software. It calls through the manager
interface, and requires at least the ability to Originate calls.

2. Management of a subdomain, or any other type of partial management.

3. User control panel.

Either we need to take a good look at the permissions to manager
interface operations, or we need to move this to a separate proxy.

               Tzafrir Cohen       
icq#16849755                    jabber:tzafrir at jabber.org
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

More information about the asterisk-dev mailing list