From 94fa98557d336ada220ead0172e77ebba02f23a4 Mon Sep 17 00:00:00 2001 From: Matthew Nicholson Date: Mon, 25 Apr 2011 16:14:21 +0000 Subject: [PATCH] Reverted part of r314607, as it can introduce a regression. Specifically, the security check for the "system" privilege was removed. If a user had the "call" privilege but not the "system" privilege, they would loose the ability to execute the system app and dialplan functions that run commands in a shell. This branch never used the "system" privilege for that purpose and did not need to be patched. AST-2011-006 (related to issue 0018787) Reported by: kobaz git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@315147 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- main/manager.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/main/manager.c b/main/manager.c index 65a47e8a5a..6d4ab0a8ac 100644 --- a/main/manager.c +++ b/main/manager.c @@ -2017,24 +2017,6 @@ static int action_originate(struct mansession *s, const struct message *m) format = 0; ast_parse_allow_disallow(NULL, &format, codecs, 1); } - if (!ast_strlen_zero(app)) { - /* To run the System application (or anything else that goes to - * shell), you must have the additional System privilege */ - if (!(s->session->writeperm & EVENT_FLAG_SYSTEM) - && ( - strcasestr(app, "system") == 0 || /* System(rm -rf /) - TrySystem(rm -rf /) */ - strcasestr(app, "exec") || /* Exec(System(rm -rf /)) - TryExec(System(rm -rf /)) */ - strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /) - EAGI(/bin/rm,-rf /) */ - strstr(appdata, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */ - strstr(appdata, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */ - )) { - astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have."); - return 0; - } - } /* Allocate requested channel variables */ vars = astman_get_variables(m); -- 2.47.2