security: Inhibit execution of privilege escalating functions

This patch allows individual dialplan functions to be marked as 'dangerous', to inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. Also, the ABI was changed to something more reasonable, since Asterisk 12 does not yet have a public release. (closes issue ASTERISK-22905) Review: http://reviewboard.digium.internal/r/432/ ........ Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3
author: David M. Lee <dlee@digium.com> 2013-12-16 19:11:51 +0000
committer: David M. Lee <dlee@digium.com> 2013-12-16 19:11:51 +0000
commit: 744556c01d6e28d4ae46c347f77edfb71778d924 (patch)
tree: bc90f83b4ec9ef0eafb3d952076bf9ea24406366 /funcs/func_shell.c
parent: 00dcee2a640394ac0aae294396d96985c6c1aba1 (diff)
1 files changed, 12 insertions, 6 deletions
diff --git a/funcs/func_shell.c b/funcs/func_shell.c
index bad10b381..e403efc2e 100644
--- a/funcs/func_shell.c
+++ b/funcs/func_shell.c
@@ -88,11 +88,17 @@ static int shell_helper(struct ast_channel *chan, const char *cmd, char *data,
 		</syntax>
 		<description>
 			<para>Collects the output generated by a command executed by the system shell</para>
-			<para>Example:  <literal>Set(foo=${SHELL(echo \bar\)})</literal></para>
-			<note><para>The command supplied to this function will be executed by the
-			system's shell, typically specified in the SHELL environment variable. There
-			are many different system shells available with somewhat different behaviors,
-			so the output generated by this function may vary between platforms.</para></note>
+			<para>Example:  <literal>Set(foo=${SHELL(echo bar)})</literal></para>
+			<note>
+				<para>The command supplied to this function will be executed by the
+				system's shell, typically specified in the SHELL environment variable. There
+				are many different system shells available with somewhat different behaviors,
+				so the output generated by this function may vary between platforms.</para>
+
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 
 	</function>
@@ -109,7 +115,7 @@ static int unload_module(void)
 
 static int load_module(void)
 {
-	return ast_custom_function_register(&shell_function);
+	return ast_custom_function_register_escalating(&shell_function, AST_CFE_READ);
 }
 
 AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Collects the output generated by a command executed by the system shell");
author	David M. Lee <dlee@digium.com>	2013-12-16 19:11:51 +0000
committer	David M. Lee <dlee@digium.com>	2013-12-16 19:11:51 +0000
commit	744556c01d6e28d4ae46c347f77edfb71778d924 (patch)
tree	bc90f83b4ec9ef0eafb3d952076bf9ea24406366 /funcs/func_shell.c
parent	00dcee2a640394ac0aae294396d96985c6c1aba1 (diff)