[Asterisk-Dev] Disabling "!"
Robert Spielmann
spielmann at tal.de
Tue Feb 22 08:19:26 MST 2005
asterisk.c, the functions consolehandler and remoteconsolehandler, in each
case the part with "if(s[0]=='!')" .. :-) Remove it and whatever you type on
the CLI will be interpreted as a CLI command, not as a shell command.
Example: change in consolehandler from
if (s[0] == '!') {
if (s[1])
ast_safe_system(s+1);
else
ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
} else
ast_cli_command(STDOUT_FILENO, s);
to
ast_cli_command(STDOUT_FILENO, s);
good luck,
Robert
Am Dienstag, 22. Februar 2005 14:23 schrieb Alessio Focardi:
> Hi,
>
> I'm not a coder so I'm having some troubles finding where in the
> source code the cli "!" function is defined.
>
> I would love to remove it to increase security ... tnx for any help !
--
Mit freundlichen Grüßen
Robert Spielmann
-----------------------------------------------------
TAL.DE Klaus Internet Service GmbH spielmann at tal.de
Robertstr. 6 * D-42107 Wuppertal, Germany
Tel +49 (0) 202 495-364 * Fax +49 (0) 202 / 495-399
More information about the asterisk-dev
mailing list