From 744556c01d6e28d4ae46c347f77edfb71778d924 Mon Sep 17 00:00:00 2001 From: "David M. Lee" Date: Mon, 16 Dec 2013 19:11:51 +0000 Subject: security: Inhibit execution of privilege escalating functions This patch allows individual dialplan functions to be marked as 'dangerous', to inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. Also, the ABI was changed to something more reasonable, since Asterisk 12 does not yet have a public release. (closes issue ASTERISK-22905) Review: http://reviewboard.digium.internal/r/432/ ........ Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- UPGRADE-12.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'UPGRADE-12.txt') diff --git a/UPGRADE-12.txt b/UPGRADE-12.txt index 426b1a979..6486f3e47 100644 --- a/UPGRADE-12.txt +++ b/UPGRADE-12.txt @@ -351,6 +351,16 @@ CEL: - BLINDTRANSFER/ATTENDEDTRANSFER events now report the peer as NULL and additional information in the extra string field. +Dialplan Functions: + + - Certain dialplan functions have been marked as 'dangerous', and may only be + executed from the dialplan. Execution from extenal sources (AMI's GetVar and + SetVar actions; etc.) may be inhibited by setting live_dangerously in the + [options] section of asterisk.conf to no. SHELL(), channel locking, and + direct file read/write functions are marked as dangerous. DB_DELETE() and + REALTIME_DESTROY() are marked as dangerous for reads, but can now safely + accept writes (which ignore the provided value). + Dialplan: - All channel and global variable names are evaluated in a case-sensitive manner. In previous versions of Asterisk, variables created and evaluated in -- cgit v1.2.3