[asterisk-users] Function SHELL not registered
A J Stiles
asterisk_list at earthshod.co.uk
Wed Jul 6 09:37:41 CDT 2016
On Wednesday 06 Jul 2016, Michael Jepson wrote:
> Adding live_dangerously did the trick. Thanks! But how dangerous is
> Asterisk living now ?
I must admit, still using an ancient Asterisk version, I didn't know about
live_dangerously. But it sort of makes sense.
It is somewhat dangerous to have a function that can execute arbitrary system
commands, especially as root. Just how dangerous depends on what commands can
end up being executed. For instance, it probably would -not- be a good idea
to include something like
exten => 666,1,NoOp(${SHELL(/sbin/init 0)})
in a dialplan on a production server .....
Just be careful what commands you execute and what parameters you feed to
them. You might even want to use a wrapper script around anything that could
misbehave if given a wrong parameter (especially if the paramters depend on
anything user-settable); do a quick sanity-check in the script itself, and
only execute the "real" command if everything is within the range you expect.
And don't think that blocking SHELL() makes your Asterisk server magically
safe. You can still run dangerous system commands from within an AGI script.
--
AJS
Note: Originating address only accepts e-mail from list! If replying off-
list, change address to asterisk1list at earthshod dot co dot uk .
More information about the asterisk-users
mailing list