[asterisk-users] Important security alert: update your?dialplans now!

Michiel van Baak michiel at vanbaak.info
Mon Feb 15 09:05:33 CST 2010


On 08:48, Mon 15 Feb 10, Tilghman Lesher wrote:
> On Monday 15 February 2010 03:37:24 Rob Hillis wrote:
> > On 02/15/10 20:00, Randy R wrote:
> > > Olle, this may be a stupid question, but shouldn't a native santitize
> > > function be urgently added to the code base in all versions or change
> > > the dialplan comp?ler to ignore dangerous characters?
> >
> > Whilst I agree with this, the unfortunate attitude we seem to get from
> > Digium on most of these issues is "you can already do this in dialplan,
> > therefore we don't need to invest any effort in it."  The fact that a
> > workaround may be quite difficult to implement properly doesn't come in
> > to it.  The most obvious example of this one is the deprecation and
> > removal of chan_agent without any sort of replacement being introduced
> > because "it's already possible to do in the dialplan".
> 
> Uh, chan_agent has been neither removed nor deprecated.

He probably means AgentCallbackLogin

-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"




More information about the asterisk-users mailing list