[asterisk-dev] handling system commands in AMI

Tzafrir Cohen tzafrir.cohen at xorcom.com
Fri Jun 5 11:36:11 CDT 2009 

On Fri, Jun 05, 2009 at 07:54:21AM -0500, Russell Bryant wrote:
> 
> On Jun 5, 2009, at 1:43 AM, Nánássy Dániel wrote:
> > there is a bug (or a missing feature?) with the Command action. It  
> > does not handle the "!" command (e.g. Action: Command\r\nCommand: !  
> > echo "something"; sleep 5\r\n\r\n), however this system command can  
> > be exectuted in cli.
> This feature is left out intentionally for security reasons.

Specifically: '!' or '!command' in 'asterisk -r' shell runs a local
shell rather than a shell on the remote Asterisk process. It's not 
something that should even go over the wire.

# ps u `cat /var/run/asterisk/asterisk.pid `
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
asterisk 23721  0.0  0.1 287128  2740 ?        Ssl  May27   1:42 /usr/sbin/aster

# id -a
uid=0(root) gid=0(root) groups=0(root)

# asterisk -r
Asterisk 1.6.1.0~dfsg-1.7248, Copyright (C) 1999 - 2008 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
This package has been modified for the Debian GNU/Linux distribution
Please report all bugs to http://bugs.debian.org/asterisk
=========================================================================
Connected to Asterisk 1.6.1.0~dfsg-1.7248 currently running on sweetmorn (pid = 23721)
sweetmorn*CLI> !id -a
uid=0(root) gid=0(root) groups=0(root)


(Asteirsk is running as user 'asterisk'. id -a' was run as root)


So you can just as well implement this on the remote side without
touching Asterisk's code :-)

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

More information about the asterisk-dev mailing list