summaryrefslogtreecommitdiff
path: root/funcs/func_shell.c
AgeCommit message (Collapse)Author
2017-08-30AST-2017-006: Fix app_minivm application MinivmNotify command injectionCorey Farrell
An admin can configure app_minivm with an externnotify program to be run when a voicemail is received. The app_minivm application MinivmNotify uses ast_safe_system() for this purpose which is vulnerable to command injection since the Caller-ID name and number values given to externnotify can come from an external untrusted source. * Add ast_safe_execvp() function. This gives modules the ability to run external commands with greater safety compared to ast_safe_system(). Specifically when some parameters are filled by untrusted sources the new function does not allow malicious input to break argument encoding. This may be of particular concern where CALLERID(name) or CALLERID(num) may be used as a parameter to a script run by ast_safe_system() which could potentially allow arbitrary command execution. * Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp() instead of ast_safe_system() to avoid command injection. * Document code injection potential from untrusted data sources for other shell commands that are under user control. ASTERISK-27103 Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
2016-10-27Remove ASTERISK_REGISTER_FILE.Corey Farrell
ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes all traces of it. Previously exported symbols removed: * __ast_register_file * __ast_unregister_file * ast_complete_source_filename This also removes the mtx_prof static variable that was declared when MTX_PROFILE was enabled. This variable was only used in lock.c so it is now initialized in that file only. ASTERISK-26480 #close Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966
2015-04-13git migration: Refactor the ASTERISK_FILE_VERSION macroMatt Jordan
Git does not support the ability to replace a token with a version string during check-in. While it does have support for replacing a token on clone, this is somewhat sub-optimal: the token is replaced with the object hash, which is not particularly easy for human consumption. What's more, in practice, the source file version was often not terribly useful. Generally, when triaging bugs, the overall version of Asterisk is far more useful than an individual SVN version of a file. As a result, this patch removes Asterisk's support for showing source file versions. Specifically, it does the following: * Rename ASTERISK_FILE_VERSION macro to ASTERISK_REGISTER_FILE, and remove passing the version in with the macro. Other facilities than 'core show file version' make use of the file names, such as setting a debug level only on a specific file. As such, the act of registering source files with the Asterisk core still has use. The macro rename now reflects the new macro purpose. * main/asterisk: - Refactor the file_version structure to reflect that it no longer tracks a version field. - Remove the "core show file version" CLI command. Without the file version, it is no longer useful. - Remove the ast_file_version_find function. The file version is no longer tracked. - Rename ast_register_file_version/ast_unregister_file_version to ast_register_file/ast_unregister_file, respectively. * main/manager: Remove value from the Version key of the ModuleCheck Action. The actual key itself has not been removed, as doing so would absolutely constitute a backwards incompatible change. However, since the file version is no longer tracked, there is no need to attempt to include it in the Version key. * UPGRADE: Add notes for: - Modification to the ModuleCheck AMI Action - Removal of the "core show file version" CLI command Change-Id: I6cf0ff280e1668bf4957dc21f32a5ff43444a40e
2013-12-16security: Inhibit execution of privilege escalating functionsDavid M. Lee
This patch allows individual dialplan functions to be marked as 'dangerous', to inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. Also, the ABI was changed to something more reasonable, since Asterisk 12 does not yet have a public release. (closes issue ASTERISK-22905) Review: http://reviewboard.digium.internal/r/432/ ........ Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-07-23Improve documentation for the SHELL() dialplan function.Kevin P. Fleming
........ Merged revisions 370383 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 370384 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370385 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2011-08-11Merged revisions 331576 via svnmerge from Richard Mudgett
https://origsvn.digium.com/svn/asterisk/branches/10 ................ r331576 | rmudgett | 2011-08-11 16:42:21 -0500 (Thu, 11 Aug 2011) | 16 lines Merged revisions 331575 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r331575 | rmudgett | 2011-08-11 16:39:58 -0500 (Thu, 11 Aug 2011) | 9 lines Segfault in shell_helper in func_shell.c. The return value of popen() was not checked for failure to open. (closes issue ASTERISK-18109) JIRA SWP-3633 Reported by: Michael Myles Tested by: rmudgett ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@331577 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2011-07-14Merged revisions 328247 via svnmerge from Leif Madsen
https://origsvn.digium.com/svn/asterisk/branches/1.10 ................ r328247 | lmadsen | 2011-07-14 16:25:31 -0400 (Thu, 14 Jul 2011) | 14 lines Merged revisions 328209 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r328209 | lmadsen | 2011-07-14 16:13:06 -0400 (Thu, 14 Jul 2011) | 6 lines Introduce <support_level> tags in MODULEINFO. This change introduces MODULEINFO into many modules in Asterisk in order to show the community support level for those modules. This is used by changes committed to menuselect by Russell Bryant recently (r917 in menuselect). More information about the support level types and what they mean is available on the wiki at https://wiki.asterisk.org/wiki/display/AST/Asterisk+Module+Support+States ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@328259 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2008-11-01Merge changes from team/group/appdocsxmlRussell Bryant
This commit introduces the first phase of an effort to manage documentation of the interfaces in Asterisk in an XML format. Currently, a new format is available for applications and dialplan functions. A good number of conversions to the new format are also included. For more information, see the following message to asterisk-dev: http://lists.digium.com/pipermail/asterisk-dev/2008-October/034968.html git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@153365 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-11-19another bunch of include removals (errno.h and asterisk/logger.h)Luigi Rizzo
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@89425 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-11-16Start untangling header inclusion in a way that does not affectLuigi Rizzo
build times - tested, there is no measureable difference before and after this commit. In this change: use asterisk/compat.h to include a small set of system headers: inttypes.h, unistd.h, stddef.h, stddint.h, sys/types.h, stdarg.h, stdlib.h, alloca.h, stdio.h Where available, the inclusion is conditional on HAVE_FOO_H as determined by autoconf. Normally, source files should not include any of the above system headers, and instead use either "asterisk.h" or "asterisk/compat.h" which does it better. For the time being I have left alone second-level directories (main/db1-ast, etc.). git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@89333 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-10-27Make sure a channel exists before attempting to start or stop channelRussell Bryant
autoservice in func_lock and func_shell. git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@87233 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-09-19put the channel in autoservice when executing func_shellRussell Bryant
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@83181 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-06-07Fix a bunch of doxygen errors and document more thingsRussell Bryant
(issue #9842, snuffy) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@68339 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-05-30Issue 9477 - Improve menuselect labelsTilghman Lesher
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@66585 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-01-24Doxygen updateOlle Johansson
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@51920 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-01-07Modifications to allow the output of SHELL() to be split per line (Issue 8676)Tilghman Lesher
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@49786 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-01-07Add function to execute a shell command and return the output (Issue 8676)Tilghman Lesher
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@49785 65c4cc65-6c06-0410-ace0-fbb531ad65f3
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 12:26:03 +0000