[asterisk-dev] AstriDevCon - PineMango
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Thu Oct 9 07:54:29 CDT 2008
On Thu, Oct 09, 2008 at 11:20:27AM +0200, Johansson Olle E wrote:
>
> 8 okt 2008 kl. 23.20 skrev Nir Simionovich:
>
> > That diagram is not 100% correct. For example, we nixed the
> > authentication layer since it is such a large undertaking for the
> > limited gain it would provide
>
> That's a very interesting statement in regards to security...
>
> The authorization layer is very much needed if we're going to open up
> the core this way.
>
> Authentication is a different thing, but needs to be taken care of too.

And speaking of authorization: Asterisk is a process that handles
network requests (that is: untrusted data that may be proxied even
through a firewall). This suggestion adds even more interesting
interfaces. Yet everything is done in one process.

We currently have the asterisk-gui that is implemented as user-side
javascript code. When that code needs to run something on the server
side, it will send a shell command to the asterisk server, which will
execute it using System(). E.g. check how the file editor is
implemented.

The http server itself is part of the asterisk process as well. No way
to make it less privileged.

openssh, dovecot, postfix and others use a separate process altogether for
the authentication phase. The main daemon forks it early on and connects
to it using a socket.

One interesting exercise in that respect would be to write robust
SELinux rules that would describe just exactly what the Asterisk process
is allowed to do.

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
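
The separate-process pattern described in the message above (the daemon forks a helper early and talks to it over a socket), as an added example that is not part of the original message and is not code from Asterisk, openssh, dovecot or postfix. The names `auth_start`, `auth_check` and `auth_stop`, the fixed-size request layout and the credential are constructed for illustration; dropping privileges in each process after the fork is assumed and left out so the example runs without root.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

struct auth_req { char user[64]; char secret[64]; };
/* Constructed demo credential; a real helper loads its store after fork(). */
static const struct auth_req DEMO = { "alice", "s3cret-demo" };
static int helper_fd = -1; static pid_t helper_pid = -1;
/* Compare every byte so timing does not reveal the first mismatch. */
static int ct_eq(const char *a, const char *b, size_t n) {
    unsigned char d = 0;
    for (size_t i = 0; i < n; i++) d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}
/* Helper process: fixed-size request in, one verdict byte out. */
static void auth_helper(int fd) {
    struct auth_req r;
    while (recv(fd, &r, sizeof r, MSG_WAITALL) == (ssize_t)sizeof r) {
        char ok = (char)(ct_eq(r.user, DEMO.user, sizeof r.user) &
                         ct_eq(r.secret, DEMO.secret, sizeof r.secret));
        if (send(fd, &ok, 1, MSG_NOSIGNAL) != 1) break;
    }
    _exit(0); /* daemon closed its end of the socket */
}
/* Call early in start-up, before the daemon reads any network input. */
int auth_start(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((helper_pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (helper_pid == 0) { close(sv[0]); auth_helper(sv[1]); }
    close(sv[1]);
    helper_fd = sv[0];
    return 0;
}
/* Daemon side: 1 only on an explicit "yes"; every error fails closed. */
int auth_check(const char *user, const char *secret) {
    struct auth_req r = { "", "" };
    char ok = 0;
    if (strlen(user) >= sizeof r.user || strlen(secret) >= sizeof r.secret)
        return 0; /* reject rather than truncate */
    strcpy(r.user, user); strcpy(r.secret, secret);
    if (send(helper_fd, &r, sizeof r, MSG_NOSIGNAL) != (ssize_t)sizeof r) return 0;
    if (recv(helper_fd, &ok, 1, 0) != 1) return 0;
    return ok == 1;
}
/* EOF on the socket ends the helper; reap it and return its exit status. */
int auth_stop(void) {
    int st = 0;
    close(helper_fd);
    return (waitpid(helper_pid, &st, 0) > 0 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}
```

The daemon only ever receives a single verdict byte from the helper, so a bug in the network-facing code does not expose the comparison logic or the credential store once the store is loaded after the fork.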