[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Kai Hoerner kai at ciphron.de
Mon Nov 16 02:55:33 CST 2009


Hi Olle and others,

Olle E. Johansson schrieb:
>> If we allowguest=yes, unauthenticated calls will end up in the default
>> context _as well_ but it's not guaranteed only unauthenticated calls go
>> there.
>>
>> For that reason i suggest another, more clear context name: "unconfigured"
>>     
> For trunk, we can separate the default context, that is inherited to unconfigured devices from the context that is used for calls where we can not match anyone. Like "guestcontext". That would make things very clear. 

Agreed.

> Guestcontext can default to the default context, but the sample configuration could have an activated setting. 

This would impose the exact same behaviour for beginners:
if they start adding things like dialout in the default context, the 
world can use it.

i suggest we change the extensions.conf sample too.
there should be a [demo] context, an [unconfigured] and a [default] 
context. Both the [unconfigured] and [default] contexts include [demo].
in [demo] there would be a comment telling beginners to not use [demo] 
for messing around. (with the note that it is included for 
unauthenticated calls)

that way, if they add anything like dialout in [default], the 
[unconfigured] context would still be "secure".

> but the sample configuration could have an activated setting. 
>   

IMO the sip.conf.sample should contain an activated "allowguest=no"

> While this would not work with released versions, it might make things better with future releases.
Agreed.


-- 
CIPHRON GmbH
Tel.: (05 11) 51 51 33 - 0      Fax:          (05 11) 51 51 33 - 29
Web: http://www.ciphron.de/     Support:      (05 11) 51 51 33 - 11
Ust.Id.: DE263362886            Geschäftsführer:  Sebastian Horzela
                                Amtsgericht Hannover,    HRB 203590



More information about the asterisk-dev mailing list