From: Matthew Nicholson
Date: Mon, 25 Apr 2011 16:14:21 +0000 (+0000)
Subject: Reverted part of r314607, as it can introduce a regression.
X-Git-Tag: 1.4.42-rc1~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94fa98557d336ada220ead0172e77ebba02f23a4;p=thirdparty%2Fasterisk.git

Reverted part of r314607, as it can introduce a regression.

Specifically, the security check for the "system" privilege was removed. If a user had the "call" privilege but not the "system" privilege, they would lose the ability to execute the system app and dialplan functions that run commands in a shell. This branch never used the "system" privilege for that purpose and did not need to be patched.

AST-2011-006
(related to issue 0018787)
Reported by: kobaz

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@315147 65c4cc65-6c06-0410-ace0-fbb531ad65f3

---
diff --git a/main/manager.c b/main/manager.c index 65a47e8a5a..6d4ab0a8ac 100644 --- a/main/manager.c +++ b/main/manager.c
@@ -2017,24 +2017,6 @@ static int action_originate(struct mansession *s, const struct message *m) format = 0; ast_parse_allow_disallow(NULL, &format, codecs, 1); } - if (!ast_strlen_zero(app)) { - /* To run the System application (or anything else that goes to - * shell), you must have the additional System privilege */ - if (!(s->session->writeperm & EVENT_FLAG_SYSTEM) - && ( - strcasestr(app, "system") == 0 || /* System(rm -rf /) - TrySystem(rm -rf /) */ - strcasestr(app, "exec") || /* Exec(System(rm -rf /)) - TryExec(System(rm -rf /)) */ - strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /) - EAGI(/bin/rm,-rf /) */ - strstr(appdata, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */ - strstr(appdata, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */ - )) { - astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have."); - return 0; - } - } /* Allocate requested channel variables */ vars = astman_get_variables(m);
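
Review bot: With this block gone, action_originate() no longer restricts, at this point, which Application values a manager session may originate, and nothing is left in the code to record that this is deliberate. The commit message says this branch never tied shell-capable applications to the "system" privilege, so a short comment above "/* Allocate requested channel variables */" stating that Originate with an Application is not gated on EVENT_FLAG_SYSTEM here would keep the next reader from re-adding the check, and would make clear that any account allowed to originate can reach System, Exec, AGI and the SHELL and EVAL functions. The removed test was also inverted, which accounts for the regression: `strcasestr(app, "system") == 0` is true when "system" is not found, so the condition rejected every application whose name lacks "system" and let names containing it through to the remaining tests. If the check is ever reintroduced for this branch, that comparison should test for a match, and a substring denylist over app and appdata is better replaced by an explicit list of permitted applications.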