From ba298b713b979ebcee7dcf7cc9b03599ee4120b5 Mon Sep 17 00:00:00 2001 From: George Joseph Date: Mon, 19 May 2025 08:16:53 -0600 Subject: [PATCH] asterisk.c: Add option to restrict shell access from remote consoles. UserNote: A new asterisk.conf option 'disable_remote_console_shell' has been added that, when set, will prevent remote consoles from executing shell commands using the '!' prefix. Resolves: #GHSA-c7p6-7mvq-8jq2 --- configs/samples/asterisk.conf.sample | 3 +++ configs/samples/cli_permissions.conf.sample | 5 +++++ include/asterisk/options.h | 2 ++ main/asterisk.c | 6 ++++++ main/options.c | 5 ++++- 5 files changed, 20 insertions(+), 1 deletion(-) diff --git a/configs/samples/asterisk.conf.sample b/configs/samples/asterisk.conf.sample index f7b5bae980..23f7d1a442 100644 --- a/configs/samples/asterisk.conf.sample +++ b/configs/samples/asterisk.conf.sample @@ -132,6 +132,9 @@ documentation_language = en_US ; Set the language you want documentation ; cause Asterisk to search for sounds files in ; AST_DATA_DIR/sounds/custom before searching the ; normal directories like AST_DATA_DIR/sounds/. +;disable_remote_console_shell = no; Prevent remote console CLI sessions + ; from executing shell commands with the '!' prefix. + ; Default: no ; Changing the following lines may compromise your security. ;[files] diff --git a/configs/samples/cli_permissions.conf.sample b/configs/samples/cli_permissions.conf.sample index 9f69e1c9ab..5000e489e9 100644 --- a/configs/samples/cli_permissions.conf.sample +++ b/configs/samples/cli_permissions.conf.sample @@ -19,6 +19,11 @@ ; deny = | all ; disallow the user to run 'command' | ; ; disallow the user to run 'all' commands. ; +; NOTE: This file can't be used to restict the use of the '!' prefix +; for running shell commands from the CLI. You can however disable the +; use of the shell commands in remote consoles altogether by setting +; the 'disable_remote_console_shell' parameter in asterisk.conf to 'yes'. +; [general] 
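Review bot: The added sample line `;disable_remote_console_shell = no; Prevent remote console CLI sessions` drops the space before the `;` comment marker that the neighbouring entries in this hunk keep, so the value and its comment run together once the line is uncommented, even if the parser tolerates it. Suggest `;disable_remote_console_shell = no ; Prevent remote console CLI sessions`. Because the documented default is `no`, an upgrade leaves shell access from remote consoles enabled; the comment would serve operators better if it said so explicitly, e.g. adding `; Set to 'yes' to enforce.` after the `Default: no` line.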
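Review bot: `restict` in the added NOTE is a typo; the line should read `; NOTE: This file can't be used to restrict the use of the '!' prefix`. The substance of the note is right and worth keeping: it tells administrators that deny rules here do not cover `!` and that `disable_remote_console_shell` in asterisk.conf is the switch that does.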
diff --git a/include/asterisk/options.h b/include/asterisk/options.h index 315788386d..77175c9e52 100644 --- a/include/asterisk/options.h +++ b/include/asterisk/options.h @@ -210,6 +210,8 @@ extern int ast_language_is_prefix; extern int ast_option_rtpusedynamic; extern unsigned int ast_option_rtpptdynamic; +extern int ast_option_disable_remote_console_shell; + #if defined(__cplusplus) || defined(c_plusplus) } #endif diff --git a/main/asterisk.c b/main/asterisk.c index b0f8a14311..cda520acc0 100644 --- a/main/asterisk.c +++ b/main/asterisk.c @@ -578,6 +578,8 @@ static char *handle_show_settings(struct ast_cli_entry *e, int cmd, struct ast_c ast_cli(a->fd, " RTP dynamic payload types: %u-%u\n", AST_RTP_PT_FIRST_DYNAMIC, AST_RTP_MAX_PT - 1); } + ast_cli(a->fd, " Shell on remote consoles: %s\n", + ast_option_disable_remote_console_shell ? "Disabled" : "Enabled"); ast_cli(a->fd, "\n* Subsystems\n"); ast_cli(a->fd, " -------------\n"); @@ -2334,6 +2336,10 @@ static int remoteconsolehandler(const char *s) /* The real handler for bang */ if (s[0] == '!') { + if (ast_option_disable_remote_console_shell) { + printf("Shell access is disabled on remote consoles\n"); + return 1; + } if (s[1]) ast_safe_system(s+1); else diff --git a/main/options.c b/main/options.c index 6787d1b3cd..8b673ad738 100644 --- a/main/options.c +++ b/main/options.c @@ -87,7 +87,7 @@ long option_minmemfree; #endif int ast_option_rtpusedynamic = 1; unsigned int ast_option_rtpptdynamic = 35; - +int ast_option_disable_remote_console_shell = 0; /*! @} */ struct ast_eid ast_eid_default; @@ -223,6 +223,7 @@ void load_asterisk_conf(void) int option_trace_new = 0; int option_verbose_new = 0; + /* init with buildtime config */ #ifdef REF_DEBUG /* The REF_DEBUG compiler flag is now only used to enable refdebug by default. 
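Review bot: The new guard in remoteconsolehandler() is evaluated in the remote console process itself — the hunk calls ast_safe_system() directly rather than forwarding the line to the server — so it only holds when that process loaded the administrator's asterisk.conf; if the invoking user can point the remote console at a different config file (the usual `-C` override, which this hunk does not show), `!` becomes reachable again, and that matters most where `asterisk -r` is granted through a sudo rule. This does not undermine the patch, but it deserves a comment above the check, e.g. `/* Enforced client-side from the asterisk.conf this console read; it does not protect against a user who controls the config path. */`, and a sentence to that effect in the UserNote. Placing the check ahead of the `if (s[1])` branch is right, since it covers both `!cmd` and a bare `!` (whose else-branch is cut off in this hunk). remoteconsolehandler() begins and ends outside the hunk.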
@@ -474,6 +475,8 @@ void load_asterisk_conf(void) ast_set2_flag(&ast_options, ast_true(v->value), AST_OPT_FLAG_HIDE_MESSAGING_AMI_EVENTS); } else if (!strcasecmp(v->name, "sounds_search_custom_dir")) { ast_set2_flag(&ast_options, ast_true(v->value), AST_OPT_FLAG_SOUNDS_SEARCH_CUSTOM); + } else if (!strcasecmp(v->name, "disable_remote_console_shell")) { + ast_option_disable_remote_console_shell = ast_true(v->value); } } if (!ast_opt_remote) { -- 2.47.2
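Review bot: The new branch fails open on bad input: ast_true() returns 0 for any value it does not recognise, so a typo such as `disable_remote_console_shell = yess` silently leaves remote-console shell access enabled — the opposite of what the administrator intended for a hardening option. Suggest rejecting unrecognised values loudly: `if (!ast_option_disable_remote_console_shell && !ast_false(v->value)) { ast_log(LOG_WARNING, "Unrecognized value '%s' for disable_remote_console_shell, shell access remains enabled\n", v->value); }` (assuming the usual ast_false() helper is in scope alongside ast_true()). Stylistically, the neighbouring options in this hunk are stored as AST_OPT_FLAG_* bits via ast_set2_flag(&ast_options, ...), while this one is a bare global int; unless the flag word is already full, a flag with an ast_opt_* accessor would match the file's convention. load_asterisk_conf() continues past the end of the hunk.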