diff options
| author | Kevin Harwell <kharwell@digium.com> | 2014-11-20 15:50:44 +0000 |
|---|---|---|
| committer | Kevin Harwell <kharwell@digium.com> | 2014-11-20 15:50:44 +0000 |
| commit | 19ba0d136348e1325e572dba4dd6c53af21d29b7 (patch) | |
| tree | eaaaba0400e893ce8eb3ef25f0ea0c742dfb20d9 /apps/app_confbridge.c | |
| parent | e7f16827cb7c1664a3e34621e4638c1d86bfe274 (diff) | |
AST-2014-017 - app_confbridge: permission escalation/ class authorization.
Confbridge dialplan function permission escalation via AMI and inappropriate
class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan
function when executed from an external protocol (for instance AMI), could
result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord”
could also be used to execute arbitrary system commands without first checking
for system access.
Asterisk now inhibits the CONFBRIDGE function from being executed from an
external interface if the live_dangerously option is set to no. Also, the
“ConfbridgeStartRecord” AMI action is now only allowed to execute under a
user with system level access.
ASTERISK-24490
Reported by: Gareth Palmer
........
Merged revisions 428332 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 428334 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@428339 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'apps/app_confbridge.c')
| -rw-r--r-- | apps/app_confbridge.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/app_confbridge.c b/apps/app_confbridge.c index 18ea804c0..3f982a515 100644 --- a/apps/app_confbridge.c +++ b/apps/app_confbridge.c @@ -3410,7 +3410,7 @@ static int load_module(void) res |= ast_register_application_xml(app, confbridge_exec); - res |= ast_custom_function_register(&confbridge_function); + res |= ast_custom_function_register_escalating(&confbridge_function, AST_CFE_WRITE); res |= ast_custom_function_register(&confbridge_info_function); res |= ast_cli_register_multiple(cli_confbridge, ARRAY_LEN(cli_confbridge)); @@ -3422,7 +3422,7 @@ static int load_module(void) res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, action_confbridgekick); res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, action_confbridgeunlock); res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, action_confbridgelock); - res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_CALL, action_confbridgestartrecord); + res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_SYSTEM, action_confbridgestartrecord); res |= ast_manager_register_xml("ConfbridgeStopRecord", EVENT_FLAG_CALL, action_confbridgestoprecord); res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc); if (res) { |