[svn-commits] kharwell: trunk r428418 - in /trunk: ./ funcs/func_db.c
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Thu Nov 20 10:35:23 CST 2014
Author: kharwell
Date: Thu Nov 20 10:35:21 2014
New Revision: 428418
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428418
Log:
AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.
The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.
Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.
ASTERISK-24534
Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)
........
Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 428409 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 428413 from http://svn.asterisk.org/svn/asterisk/branches/13
Modified:
trunk/ (props changed)
trunk/funcs/func_db.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-13-merged' - no diff available.
Modified: trunk/funcs/func_db.c
URL: http://svnview.digium.com/svn/asterisk/trunk/funcs/func_db.c?view=diff&rev=428418&r1=428417&r2=428418
==============================================================================
--- trunk/funcs/func_db.c (original)
+++ trunk/funcs/func_db.c Thu Nov 20 10:35:21 2014
@@ -351,7 +351,7 @@
{
int res = 0;
- res |= ast_custom_function_register(&db_function);
+ res |= ast_custom_function_register_escalating(&db_function, AST_CFE_BOTH);
res |= ast_custom_function_register(&db_exists_function);
res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ);
res |= ast_custom_function_register(&db_keys_function);
More information about the svn-commits
mailing list