[asterisk-dev] security model of the manager interface
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Fri Apr 20 18:22:18 MST 2007
On Sat, Apr 21, 2007 at 03:03:14AM +0200, Stefan Reuter wrote:
> Tzafrir Cohen wrote:
> > I was trying to think about the security model of the asterisk-gui, and
> > quickly realised that it generally gives any user who has been granted
> > manager interface access full control of Asterisk.
> >
> > Then I realised that with the current granularity of permissions in the
> > manager interface, whoever has either the "config" permission or the
> > "call" write permission has practically full control of Asterisk.
> [...]
> > Either we need to take a good look at the permissions to manager
> > interface operations, or we need to move this to a separate proxy.
>
> I've discussed this kind of domain-object security (i.e. access to calls
> but only if channel matches some pattern) with the AstManProxy guy a
> year ago or so but without any result.
> If you think things through implementing something like this in a
> generic proxy is a very tough challenge (think of Local channels,
> channel renaming, forwarding of calls and so on).
I'm not really afraid of breaking the manager interface if that is what
it takes. It better have a good reason, but still...
>
> My conclusion from that discussion was simply to never directly expose
> the Manager API to any application you don't have full control over or
> that is run in an untrusted environment or by an untrusted user.
>
> My solution for day-to-day projects is to use a special application that
> exposes "business" services with proper access control through a
> remoting API (JMS for Java applications, XML over HTTP and plain HTTP
> POST/GET for other types of application).
> That special application does not offer the full range of features the
> Manager API has to offer but a useful abstract subset for things like
> "place call", "get status", etc.
So we end up with a set of such application-specific wrappers. Half of
them at least would be implemented badly.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir at jabber.org
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
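
The wrapper approach Stefan describes above, sketched as an added example that is not part of the original thread or of any Asterisk project: a facade offers only a "place call" operation, takes the caller's own device and dialplan context from its policy table, and accepts nothing from the client except a digits-only destination before it builds the manager Originate action. The users, channel names, context name and function names are assumptions made for illustration.

```python
import re

# Constructed policy table (hypothetical users and devices): the device each
# facade user may ring and the dialplan context their calls are placed into.
POLICY = {
    "alice": {"channel": "SIP/1001", "context": "from-internal"},
    "bob": {"channel": "SIP/1002", "context": "from-internal"},
}

# Destinations are 3 to 15 digits. fullmatch() is used so that a trailing
# newline or any CR/LF-separated extra header is rejected, not passed on.
EXTEN_RE = re.compile(r"[0-9]{3,15}")


class Denied(Exception):
    """Request rejected by the facade before anything reaches the manager."""


def place_call(user, exten):
    """Return the manager Originate action text for an allowed request.

    The client supplies only its identity and a destination. Every other
    field is fixed here, so the client cannot pick the channel or context.
    """
    policy = POLICY.get(user)
    if policy is None:
        raise Denied("unknown user")
    if not isinstance(exten, str) or not EXTEN_RE.fullmatch(exten):
        raise Denied("destination not allowed")
    fields = [
        ("Action", "Originate"),
        ("Channel", policy["channel"]),   # always the user's own device
        ("Context", policy["context"]),   # fixed by policy, not by client
        ("Exten", exten),
        ("Priority", "1"),
        ("Async", "true"),
    ]
    # Manager actions are "Key: value" lines ended by an empty line.
    return "".join(f"{key}: {value}\r\n" for key, value in fields) + "\r\n"


if __name__ == "__main__":
    print(place_call("alice", "2000"))
```

Only the facade holds manager credentials; clients authenticate to the facade, which is where the per-user decision is made.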