asterisk.c: Add option to restrict shell access from remote consoles.
authorGeorge Joseph <g.devel@wxy78.net>
Mon, 19 May 2025 14:16:53 +0000 (08:16 -0600)
committergithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Thu, 22 May 2025 14:39:18 +0000 (14:39 +0000)
UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.

Resolves: #GHSA-c7p6-7mvq-8jq2

configs/samples/asterisk.conf.sample
configs/samples/cli_permissions.conf.sample
include/asterisk/options.h
main/asterisk.c
main/options.c

index 7a48e9e64880af6b60343deb3d01652196c4bfe7..c573c276ae2d2ff3fbedc1f06cab57d464999efa 100644 (file)
@@ -138,6 +138,9 @@ documentation_language = en_US      ; Set the language you want documentation
                 ;   cpp_map_name_id: Use C++ Maps to index both
                 ;                    channel name and channel uniqueid.
                 ; See http://s.asterisk.net/dc679ec3 for more information.
+;disable_remote_console_shell = no; Prevent remote console CLI sessions
+                ; from executing shell commands with the '!' prefix.
+                ; Default: no
 
 ; Changing the following lines may compromise your security.
 ;[files]
index 8632a72c0e0a36a9d101c8d48bb70f4c1413d8db..a1cb68648816e2049256fc03d9d57b3946678c2f 100644 (file)
 ; deny = <command name> | all          ; disallow the user to run 'command' |
 ;                                      ; disallow the user to run 'all' commands.
 ;
+; NOTE: This file can't be used to restict the use of the '!' prefix
+; for running shell commands from the CLI. You can however disable the
+; use of the shell commands in remote consoles altogether by setting
+; the 'disable_remote_console_shell' parameter in asterisk.conf to 'yes'.
+;
 
 [general]
 
index 8fa3f20719db2ee77a97303c73b5e4e30b2711ac..793d5def2c2ab93f93de0bcf4f755dc4b67856f1 100644 (file)
@@ -209,6 +209,8 @@ extern int ast_language_is_prefix;
 extern int ast_option_rtpusedynamic;
 extern unsigned int ast_option_rtpptdynamic;
 
+extern int ast_option_disable_remote_console_shell;
+
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif
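Review bot: The new declaration `extern int ast_option_disable_remote_console_shell;` has no documentation, although it is the switch that decides whether a remote console may run shell commands, and the neighbouring option externs give no hint of its semantics either. A one-line Doxygen comment in the file's `/*! ... */` style would do: `/*! \brief Non-zero when asterisk.conf sets disable_remote_console_shell; remote consoles then refuse '!' shell commands. */`. The surrounding group of option externs starts outside this hunk.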
index 1fe8843a1955862e5029cf1ff6d5ed19e0245ba2..8f66145ea4534a210a07e152e6c219b00c408814 100644 (file)
@@ -581,6 +581,8 @@ static char *handle_show_settings(struct ast_cli_entry *e, int cmd, struct ast_c
        }
        ast_cli(a->fd, "  Channel storage backend:     %s\n",
                ast_channel_get_current_storage_driver_name());
+       ast_cli(a->fd, "  Shell on remote consoles:    %s\n",
+               ast_option_disable_remote_console_shell ? "Disabled" : "Enabled");
 
        ast_cli(a->fd, "\n* Subsystems\n");
        ast_cli(a->fd, "  -------------\n");
@@ -2337,6 +2339,10 @@ static int remoteconsolehandler(const char *s)
 
        /* The real handler for bang */
        if (s[0] == '!') {
+               if (ast_option_disable_remote_console_shell) {
+                       printf("Shell access is disabled on remote consoles\n");
+                       return 1;
+               }
                if (s[1])
                        ast_safe_system(s+1);
                else
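Review bot: The guard added in front of `ast_safe_system(s+1)` reports through printf rather than ast_cli and reads ast_option_disable_remote_console_shell from the asterisk.conf parsed in load_asterisk_conf, which also branches on ast_opt_remote, so the check appears to be evaluated in the remote-console process itself rather than by the daemon. If that reading is right, the restriction is only as strong as that process's copy of asterisk.conf, and a refused `!` line presumably never reaches the daemon, so nothing is logged server-side when shell access is refused; operators relying on this option should know both limits. A comment above the check would make the scope explicit: `/* NOTE: evaluated in the remote console process from the asterisk.conf it loaded; the daemon does not see or log the refused '!' line. */`. The body of remoteconsolehandler continues past the end of this hunk.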
index f3177b5ec0feb156a2b26ebf0309f0ce71f61d20..760d1473de18e47aaa904be22920a720a2ac04f6 100644 (file)
@@ -88,7 +88,7 @@ long option_minmemfree;
 #endif
 int ast_option_rtpusedynamic = 1;
 unsigned int ast_option_rtpptdynamic = 35;
-
+int ast_option_disable_remote_console_shell = 0;
 /*! @} */
 
 struct ast_eid ast_eid_default;
@@ -224,6 +224,7 @@ void load_asterisk_conf(void)
        int option_trace_new = 0;
        int option_verbose_new = 0;
 
+
        /* init with buildtime config */
 #ifdef REF_DEBUG
        /* The REF_DEBUG compiler flag is now only used to enable refdebug by default.
@@ -477,6 +478,8 @@ void load_asterisk_conf(void)
                        ast_set2_flag(&ast_options, ast_true(v->value), AST_OPT_FLAG_SOUNDS_SEARCH_CUSTOM);
                } else if (!strcasecmp(v->name, "channel_storage_backend")) {
                        internal_channel_set_current_storage_driver(v->value);
+               } else if (!strcasecmp(v->name, "disable_remote_console_shell")) {
+                       ast_option_disable_remote_console_shell = ast_true(v->value);
                }
        }
        if (!ast_opt_remote) {