[asterisk-users] Important security alert: update your dialplans now!

Tilghman Lesher tlesher at digium.com
Mon Feb 15 17:11:06 CST 2010


On Monday 15 February 2010 09:05:33 Michiel van Baak wrote:
> On 08:48, Mon 15 Feb 10, Tilghman Lesher wrote:
> > On Monday 15 February 2010 03:37:24 Rob Hillis wrote:
> > > On 02/15/10 20:00, Randy R wrote:
> > > > Olle, this may be a stupid question, but shouldn't a native sanitize
> > > > function be urgently added to the code base in all versions or change
> > > > the dialplan compiler to ignore dangerous characters?
> > >
> > > Whilst I agree with this, the unfortunate attitude we seem to get from
> > > Digium on most of these issues is "you can already do this in dialplan,
> > > therefore we don't need to invest any effort in it."  The fact that a
> > > workaround may be quite difficult to implement properly doesn't come in
> > > to it.  The most obvious example of this one is the deprecation and
> > > removal of chan_agent without any sort of replacement being introduced
> > > because "it's already possible to do in the dialplan".
> >
> > Uh, chan_agent has been neither removed nor deprecated.
>
> He probably means AgentCallbackLogin

While it has been deprecated, that hasn't been removed, either.  If an
enterprising person would like to try to fix it, I don't have an objection.

-- 
Tilghman Lesher
Digium, Inc. | Senior Software Developer
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
Check us out at: www.digium.com & www.asterisk.org


