[asterisk-dev] [asterisk-users] IVR ..sip.conf:allowguest=yes

Olle E. Johansson oej at edvina.net
Thu Nov 12 02:50:57 CST 2009 

> 
> 
> On Monday 02 November 2009 01:38:31 Alec Davis wrote:
>> Security warning. May not be applicable, in this users case, but 
>> please consider.
>> https://issues.asterisk.org/view.php?id=15101
>> 
>> If changing the 'default' context to allow dialout they may be 
>> allowing anyone to use their server from anywhere, if the default in 
>> sip.conf is left at 'allowguest=yes'
>> 
>> As suggested in the mantis Bug, this is now open for discussion.
>> 
>> sip.conf: allowguest=no should be the default.
> 
> As noted in the bug, I state my objections clearly.  The default
> configuration is already secure.  Note that you have stated that you have to
> CHANGE the default configuration to make it insecure.  We are not
> responsible for changes that people may make, only that the default
> configuration is secure (which it, most assuredly, is).
12 nov 2009 kl. 08.50 skrev Alec Davis:
> 
> The default should be allowguest=no so that when no entry for
> allowguest=yes/no exists in sip.conf and a user opens up his [default]
> context, he still has to make an effort to have his system compromised.
> 
> Alec Davis
> 
Alec,
The question here is really how far we should go in assuming that the user have read no documentation and have no understanding of how Asterisk works. As stated before, I do not disagree with changing sip.conf, but the general question is quite interesting. Tilghman states clearly that we can not be responsible for possible changes in the default config. There are many ways users can enable things that are insecure in the default config, like enabling the manager interface over the public internet.

Maybe you want to add some text to the security documentation to make it even more clear. I assume that you have read it.

The README says:

12	--- SECURITY ------------------------------------------------------------------
13	
14	  It is imperative that you read and fully understand the contents of
15	the security information document before you attempt to configure and run
16	an Asterisk server.

The security source is here:
http://svnview.digium.com/svn/asterisk/trunk/doc/tex/security.tex?view=markup

Please add some text to this document to explain the danger of allowguest=yes and using a context named "default".
Also note that the context named "default" is the default for all Asterisk calls. If there's no other context set for a particular call, that is where the call will end up.

/O

More information about the asterisk-dev mailing list