[asterisk-dev] security model of the manager interface

Tzafrir Cohen tzafrir.cohen at xorcom.com
Fri Apr 20 18:22:18 MST 2007 

On Sat, Apr 21, 2007 at 03:03:14AM +0200, Stefan Reuter wrote:
> Tzafrir Cohen wrote:
> > I was trying to think about the security model of the asterisk-gui, and
> > quickly realised that it generally gives any user who has been granted
> > manager interface access full control of Asterisk.
> > 
> > Then I realised that with the current granularity of permissions in the
> > manager interface, whoever has either the "config" permission or the
> > "call" write permission has practically full control of Asterisk.
> [...]
> > Either we need to take a good look at the permissions to manager
> > interface operations, or we need to move this to a separate proxy.
> 
> I've discussed this kind of domain-object security (i.e. access to calls
> but only if channel matches some pattern) with the AstManProxy guy a
> year ago or so but without any result.
> If you thing things through implementing something like this in a
> generic proxy is a very tough challenge (think of Local channels,
> channel renaming, forwarding of calls and so on).

I'm not really afraid of breaking the manager interface if that is what
it takes. It better have a good reason, but still...

> 
> My conclusion from that discussion was simply to never directly expose
> the Manager API to any application you don't have full control over or
> that is run in an untrusted environment or by an untrusted user.
> 
> My solution for day-to-day projects is to use a special application that
> exposed "business" services with proper access control through a
> remoting API (JMS for Java applications, XML over HTTP and plain HTTP
> POST/GET for other types of application).
> That special application does not offer the full range of features the
> Manager API has to offer but a useful abstract subset for things like
> "place call", "get status", etc.

So we end up with a set of such application-specific wrappers. Half of
them at least would be implemented badly.

-- 
               Tzafrir Cohen       
icq#16849755                    jabber:tzafrir at jabber.org
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

More information about the asterisk-dev mailing list