diff options
| author | David M. Lee <dlee@digium.com> | 2013-12-16 19:11:51 +0000 |
|---|---|---|
| committer | David M. Lee <dlee@digium.com> | 2013-12-16 19:11:51 +0000 |
| commit | 744556c01d6e28d4ae46c347f77edfb71778d924 (patch) | |
| tree | bc90f83b4ec9ef0eafb3d952076bf9ea24406366 /UPGRADE-12.txt | |
| parent | 00dcee2a640394ac0aae294396d96985c6c1aba1 (diff) | |
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.
Also, the ABI was changed to something more reasonable, since Asterisk
12 does not yet have a public release.
(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
........
Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'UPGRADE-12.txt')
| -rw-r--r-- | UPGRADE-12.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/UPGRADE-12.txt b/UPGRADE-12.txt index 426b1a979..6486f3e47 100644 --- a/UPGRADE-12.txt +++ b/UPGRADE-12.txt @@ -351,6 +351,16 @@ CEL: - BLINDTRANSFER/ATTENDEDTRANSFER events now report the peer as NULL and additional information in the extra string field. +Dialplan Functions: + + - Certain dialplan functions have been marked as 'dangerous', and may only be + executed from the dialplan. Execution from extenal sources (AMI's GetVar and + SetVar actions; etc.) may be inhibited by setting live_dangerously in the + [options] section of asterisk.conf to no. SHELL(), channel locking, and + direct file read/write functions are marked as dangerous. DB_DELETE() and + REALTIME_DESTROY() are marked as dangerous for reads, but can now safely + accept writes (which ignore the provided value). + Dialplan: - All channel and global variable names are evaluated in a case-sensitive manner. In previous versions of Asterisk, variables created and evaluated in |