diff options
author | David M. Lee <dlee@digium.com> | 2013-12-16 19:11:51 +0000 |
---|---|---|
committer | David M. Lee <dlee@digium.com> | 2013-12-16 19:11:51 +0000 |
commit | 744556c01d6e28d4ae46c347f77edfb71778d924 (patch) | |
tree | bc90f83b4ec9ef0eafb3d952076bf9ea24406366 /funcs/func_lock.c | |
parent | 00dcee2a640394ac0aae294396d96985c6c1aba1 (diff) |
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.
Also, the ABI was changed to something more reasonable, since Asterisk
12 does not yet have a public release.
(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
........
Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'funcs/func_lock.c')
-rw-r--r-- | funcs/func_lock.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/funcs/func_lock.c b/funcs/func_lock.c index d8db10e84..2102d5c9a 100644 --- a/funcs/func_lock.c +++ b/funcs/func_lock.c @@ -59,6 +59,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") Returns <literal>1</literal> if the lock was obtained or <literal>0</literal> on error.</para> <note><para>To avoid the possibility of a deadlock, LOCK will only attempt to obtain the lock for 3 seconds if the channel already has another lock.</para></note> + <note> + <para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal> + is set to <literal>no</literal>, this function can only be executed from the + dialplan, and not directly from external protocols.</para> + </note> </description> </function> <function name="TRYLOCK" language="en_US"> @@ -72,6 +77,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") <para>Attempts to grab a named lock exclusively, and prevents other channels from obtaining the same lock. Returns <literal>1</literal> if the lock was available or <literal>0</literal> otherwise.</para> + <note> + <para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal> + is set to <literal>no</literal>, this function can only be executed from the + dialplan, and not directly from external protocols.</para> + </note> </description> </function> <function name="UNLOCK" language="en_US"> @@ -86,6 +96,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") had a lock or <literal>0</literal> otherwise.</para> <note><para>It is generally unnecessary to unlock in a hangup routine, as any locks held are automatically freed when the channel is destroyed.</para></note> + <note> + <para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal> + is set to <literal>no</literal>, this function can only be executed from the + dialplan, and not directly from external protocols.</para> + </note> </description> </function> ***/ @@ -502,9 +517,9 @@ static int unload_module(void) static int load_module(void) { - int res = ast_custom_function_register(&lock_function); - res |= ast_custom_function_register(&trylock_function); - res |= ast_custom_function_register(&unlock_function); + int res = ast_custom_function_register_escalating(&lock_function, AST_CFE_READ); + res |= ast_custom_function_register_escalating(&trylock_function, AST_CFE_READ); + res |= ast_custom_function_register_escalating(&unlock_function, AST_CFE_READ); if (ast_pthread_create_background(&broker_tid, NULL, lock_broker, NULL)) { ast_log(LOG_ERROR, "Failed to start lock broker thread. Unloading func_lock module.\n"); |