]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bb732e4) | patch
manager.c: Prevent the Originate action from running the Originate app
authorGeorge Joseph <gjoseph@digium.com>
Thu, 24 Oct 2019 17:41:23 +0000 (11:41 -0600)
committerGerrit <noreply@gerrit.asterisk.org>
Thu, 21 Nov 2019 15:40:28 +0000 (09:40 -0600)
commit1b9281a5ded62e5d30af2959e5aa33bc5a0fc285
tree4f64f1e77030e5552a44e99a90a430b15a5eed00tree
parentbb732e4292f4d84e5cca5f58b43d8c082c64ba23commit | diff
manager.c:  Prevent the Originate action from running the Originate app

If an AMI user without the "system" authorization calls the
Originate AMI command with the Originate application,
the second Originate could run the "System" command.

Action: Originate
Channel: Local/1111
Application: Originate
Data: Local/2222,app,System,touch /tmp/owned

If the "system" authorization isn't set, we now block the
Originate app as well as the System, Exec, etc. apps.

ASTERISK-28580
Reported by: Eliel SardaƱons

Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
doc/UPGRADE-staging/AMI-Originate.txt [new file with mode: 0644] blob
main/manager.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git