Reverted part of r314607, as it can introduce a regression.
authorMatthew Nicholson <mnicholson@digium.com>
Mon, 25 Apr 2011 16:14:21 +0000 (16:14 +0000)
committerMatthew Nicholson <mnicholson@digium.com>
Mon, 25 Apr 2011 16:14:21 +0000 (16:14 +0000)
Specifically, the security check for the "system" privilege was removed. If a user had the "call" privilege but not the "system" privilege, they would lose the ability to execute the system app and dialplan functions that run commands in a shell. This branch never used the "system" privilege for that purpose and did not need to be patched.

AST-2011-006

(related to issue 0018787)
Reported by: kobaz

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@315147 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/manager.c

index 65a47e8a5acff2732acdbbea8a9a2e6dc95787d3..6d4ab0a8ac1194a6fbc7ce8f5c3bbc9532c19029 100644 (file)
@@ -2017,24 +2017,6 @@ static int action_originate(struct mansession *s, const struct message *m)
                format = 0;
                ast_parse_allow_disallow(NULL, &format, codecs, 1);
        }
-       if (!ast_strlen_zero(app)) {
-               /* To run the System application (or anything else that goes to
-                * shell), you must have the additional System privilege */
-               if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
-                       && (
-                               strcasestr(app, "system") == 0 || /* System(rm -rf /)
-                                                                    TrySystem(rm -rf /)       */
-                               strcasestr(app, "exec") ||        /* Exec(System(rm -rf /))
-                                                                    TryExec(System(rm -rf /)) */
-                               strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
-                                                                    EAGI(/bin/rm,-rf /)       */
-                               strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
-                               strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
-                               )) {
-                       astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have.");
-                       return 0;
-               }
-       }
        /* Allocate requested channel variables */
        vars = astman_get_variables(m);