diff options
author | David M. Lee <dlee@digium.com> | 2013-12-16 19:11:51 +0000 |
---|---|---|
committer | David M. Lee <dlee@digium.com> | 2013-12-16 19:11:51 +0000 |
commit | 744556c01d6e28d4ae46c347f77edfb71778d924 (patch) | |
tree | bc90f83b4ec9ef0eafb3d952076bf9ea24406366 /funcs/func_db.c | |
parent | 00dcee2a640394ac0aae294396d96985c6c1aba1 (diff) |
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.
Also, the ABI was changed to something more reasonable, since Asterisk
12 does not yet have a public release.
(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
........
Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'funcs/func_db.c')
-rw-r--r-- | funcs/func_db.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/funcs/func_db.c b/funcs/func_db.c index 20c8829a6..ebe58f02e 100644 --- a/funcs/func_db.c +++ b/funcs/func_db.c @@ -110,6 +110,12 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") <para>This function will retrieve a value from the Asterisk database and then remove that key from the database. <variable>DB_RESULT</variable> will be set to the key's value if it exists.</para> + <note> + <para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal> + is set to <literal>no</literal>, this function can only be read from the + dialplan, and not directly from external protocols. It can, however, be + executed as a write operation (<literal>DB_DELETE(family, key)=ignored</literal>)</para> + </note> </description> <see-also> <ref type="application">DBdel</ref> @@ -311,10 +317,22 @@ static int function_db_delete(struct ast_channel *chan, const char *cmd, return 0; } +/*! + * \brief Wrapper to execute DB_DELETE from a write operation. Allows execution + * even if live_dangerously is disabled. + */ +static int function_db_delete_write(struct ast_channel *chan, const char *cmd, char *parse, + const char *value) +{ + /* Throwaway to hold the result from the read */ + char buf[128]; + return function_db_delete(chan, cmd, parse, buf, sizeof(buf)); +} static struct ast_custom_function db_delete_function = { .name = "DB_DELETE", .read = function_db_delete, + .write = function_db_delete_write, }; static int unload_module(void) @@ -335,7 +353,7 @@ static int load_module(void) res |= ast_custom_function_register(&db_function); res |= ast_custom_function_register(&db_exists_function); - res |= ast_custom_function_register(&db_delete_function); + res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ); res |= ast_custom_function_register(&db_keys_function); return res; |