authorKevin Harwell <kharwell@digium.com>2014-11-20 16:35:21 +0000
committerKevin Harwell <kharwell@digium.com>2014-11-20 16:35:21 +0000
commit2486b48cec25517ae0ce8d8e0795f72cf1222a9b (patch)
treede931d145e2808385f0aee3c2f035893f93704b4 /funcs/func_db.c
parent2f97486d43f1945598e4ca4ac8df693aa1fb648b (diff)
AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.
The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Asterisk now inhibits the DB function from being executed from an external interface if the live_dangerously option is set to no. ASTERISK-24534 Reported by: Gareth Palmer patches: submitted by Gareth Palmer (license 5169) ........ Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 428409 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 428413 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@428418 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'funcs/func_db.c')
-rw-r--r--funcs/func_db.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/funcs/func_db.c b/funcs/func_db.c
index ebe58f02e..b56fef9f5 100644
--- a/funcs/func_db.c
+++ b/funcs/func_db.c
@@ -351,7 +351,7 @@ static int load_module(void)
{
int res = 0;
- res |= ast_custom_function_register(&db_function);
+ res |= ast_custom_function_register_escalating(&db_function, AST_CFE_BOTH);
res |= ast_custom_function_register(&db_exists_function);
res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ);
res |= ast_custom_function_register(&db_keys_function);
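Review bot: The two registrations this hunk leaves on plain `ast_custom_function_register`, `db_exists_function` and `db_keys_function`, are not covered by the new restriction, while `db_function` is now escalating for both read and write and `db_delete_function` only for read. If those two functions can return or list database contents (not visible in this hunk), external interfaces would keep a read path to the same data when live_dangerously is set to no; either register them with `ast_custom_function_register_escalating(&db_exists_function, AST_CFE_READ)` and the equivalent call for `db_keys_function`, or add a comment above them such as `/* DB_EXISTS and DB_KEYS are intentionally not escalating: <reason> */`. The same comment should say why the DB_DELETE registration guards only the read side. The body of load_module continues past the end of the hunk, so how `res` is used afterwards cannot be checked from here.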