[asterisk-users] Executing shell commands via AMI
Steve Edwards
asterisk.org at sedwards.com
Wed Mar 16 20:03:07 CDT 2011
On Wed, 16 Mar 2011, Vinícius Fontes wrote:
> But I really don't see much of a threat on this. AGI does almost the same.
I thought you didn't want to start a flamefest :)
The security risk of AGI would be 'the same' if you provide a method for a
miscreant to create a file on your Asterisk server, make it executable,
modify your dialplan, reload the dialplan and execute that section of the
dialplan.
If all these conditions are already in place, your definition of 'secure'
is different than mine.
The ability to [remotely] execute a shell command via AMI does sound
interesting. Can you describe where this would be needed and could not be
accomplished with existing tools like ssh and sudo?
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list