[asterisk-users] giving a user asterisk CLI access: how bad could it get

Tilghman Lesher tilghman at mail.jeffandtilghman.com
Tue Nov 4 16:31:58 CST 2008


On Tuesday 04 November 2008 15:52:10 Ruddy Gbaguidi wrote:
> Did you know that any commandyou type in asterisk cli starting with
> exclamation point (!) is execute in the shell by asterisk ??
> Example :
> running
> !ls
> will run 'ls' in your current directory
>
> So, be aware because your user can do whatever we want then.

Yes, but remote commands are executed as whatever user is running the
remote command, which is NOT necessarily the same as root.  You can open
up the permissions of the asterisk.ctl pipe file to allow another group to
connect.

That, however, still leaves the indirect method of executing commands, which
are still executed by the Asterisk process itself.

-- 
Tilghman



More information about the asterisk-users mailing list