git.ipfire.org Git - thirdparty/asterisk.git/commit

author	David M. Lee <dlee@digium.com>
	Mon, 16 Dec 2013 17:02:01 +0000 (17:02 +0000)
committer	David M. Lee <dlee@digium.com>
	Mon, 16 Dec 2013 17:02:01 +0000 (17:02 +0000)
commit	c22385515cc53d73fa5f40c6fc04860ef408a53a
tree	a058c22d3a57e506eed4d3dba4b7378e9264cf27	tree
parent	4865825a487e6fa108424f090495647db042768c	commit \| diff

security: Inhibit execution of privilege escalating functions

This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.

A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.

Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.

(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
........

Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@403915 65c4cc65-6c06-0410-ace0-fbb531ad65f3

README-SERIOUSLY.bestpractices.txt		diff \| blob \| blame \| history
UPGRADE.txt		diff \| blob \| blame \| history
configs/asterisk.conf.sample		diff \| blob \| blame \| history
funcs/func_db.c		diff \| blob \| blame \| history
funcs/func_env.c		diff \| blob \| blame \| history
funcs/func_lock.c		diff \| blob \| blame \| history
funcs/func_realtime.c		diff \| blob \| blame \| history
funcs/func_shell.c		diff \| blob \| blame \| history
include/asterisk/pbx.h		diff \| blob \| blame \| history
main/asterisk.c		diff \| blob \| blame \| history
main/pbx.c		diff \| blob \| blame \| history
main/tcptls.c		diff \| blob \| blame \| history