[Asterisk-Users] Set system time over the phone

Mike Sander mike at corporatebankinginternational.com
Tue Apr 5 13:52:36 MST 2005 

No LAN what-so-ever. Customer is very paranoid.

Yes, sanitisation would be handy. Perhaps I should call an AGI file to do 
this. Although I'm not sure how you can hack a system using only numbers 
0-9, # and *. I'm sure there's a way!!!

----- Original Message ----- 
From: "Tzafrir Cohen" <tzafrir at cohens.org.il>
To: <asterisk-users at lists.digium.com>
Sent: Tuesday, April 05, 2005 8:02 PM
Subject: Re: [Asterisk-Users] Set system time over the phone


> On Tue, Apr 05, 2005 at 09:45:54AM +1000, Mike Sander wrote:
>> I have installed Asterisk using the Ast at Home image for a client that is
>> VoIP-a-phobic.
>>
>> Hence the system cannot be connected to their LAN at all - don't ask why!
>
> Does it have a lan connection at all? If so, you could use ntpd. Setting
> the clock manually can have some side-effects and some services may
> require running.
>
>>
>> I have tested the clock at my installation lab, and all is fine, but they
>> might want to set/check it.
>>
>> I know there is the SayUnixTime command, and it works fine to say the 
>> time.
>>
>> Is there a good dialplan command to test it? Best I've come across is
>> System, but this exits non-zero. Any ideas?
>>
>> exten 456,1,Background(Please-set-time-mmddhhmm)
>> exten _.,1,System (date ${EXTEN})
>>
>
> Before passing input blindly to system, you need to sanitize it. E.g:
> Any chance someone could dial a ';'? If so, that one can run an
> arbitrary shell command (as Asterisk's user).
>
> -- 
> Tzafrir Cohen         | New signature for new address and  |  VIM is
> http://tzafrir.org.il | new homepage                       | a Mutt's
> tzafrir at cohens.org.il |                                    |  best
> ICQ# 16849755         | Space reserved for other protocols | friend
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.308 / Virus Database: 266.9.2 - Release Date: 5/04/2005
>
>

More information about the asterisk-users mailing list