[asterisk-dev] New manager action: CreateConfig

Tzafrir Cohen tzafrir.cohen at xorcom.com
Tue Feb 12 10:10:29 CST 2008


On Tue, Feb 12, 2008 at 04:16:48PM +0100, Johansson Olle E wrote:
> What happens if I use an argument of "../rc.conf" or "../passwd" ?
> 
> I suggest we filter file name arguments for ".." and "/" in the  
> arguments of all these configuration actions.

You assume the user did not run:

  System(ln -s / /etc/asterisk/rootdir)

Running Asterisk as root is bad for your health.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
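
The two checks discussed in this thread, side by side, as an added example that is not part of the original message and is not Asterisk code: a lexical filter on the file name, followed by a confinement check made after symlinks are resolved. The function names, the temporary directory, and the choice to allow relative sub-paths under the configuration directory are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helpers, not Asterisk code. Lexical filter: no absolute path, no "..". */
static int lexical_ok(const char *name)
{
    if (name[0] == '\0' || name[0] == '/')
        return 0;
    for (const char *p = name; p; p = strchr(p, '/'), p = p ? p + 1 : NULL)
        if (strncmp(p, "..", 2) == 0 && (p[2] == '/' || p[2] == '\0'))
            return 0;
    return 1;
}

/* 1 only if base/name is still inside base once symlinks are resolved. */
int config_path_is_confined(const char *base, const char *name)
{
    char full[PATH_MAX], rbase[PATH_MAX], rparent[PATH_MAX];
    struct stat st;
    if (!lexical_ok(name) || !realpath(base, rbase) ||
        snprintf(full, sizeof(full), "%s/%s", rbase, name) >= (int)sizeof(full))
        return 0;
    if (lstat(full, &st) == 0 && S_ISLNK(st.st_mode))
        return 0;                    /* final component is itself a symlink */
    *strrchr(full, '/') = '\0';      /* parent only: the file may not exist yet */
    if (!realpath(full, rparent))
        return 0;
    size_t n = strlen(rbase);
    return strncmp(rparent, rbase, n) == 0 && (rparent[n] == '/' || rparent[n] == '\0');
}

/* Constructed scenario from the thread: a symlink to / inside the config dir. */
int demo(const char *name)
{
    char dir[] = "/tmp/astcfgXXXXXX", link[PATH_MAX];
    int ok = -1;
    if (!mkdtemp(dir))
        return ok;
    snprintf(link, sizeof(link), "%s/rootdir", dir);
    if (symlink("/", link) == 0)
        ok = config_path_is_confined(dir, name);
    unlink(link);
    rmdir(dir);
    return ok;
}
```

The check and the later open are separate steps, so this narrows the problem rather than closing it. Running Asterisk as an unprivileged user, as the message says, limits what any remaining bypass can reach.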


