kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-30 02:26:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

asterisk.c: Add option to restrict shell access from remote consoles.

Browse Source 
UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.

Resolves: #GHSA-c7p6-7mvq-8jq2
This commit is contained in:
George Joseph
2025-05-19 08:16:53 -06:00
committed by github-actions[bot]
parent 67360eb671
commit 3a5ffe2842
5 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
main/asterisk.c
View File

@@ -581,6 +581,8 @@ static char *handle_show_settings(struct ast_cli_entry *e, int cmd, struct ast_c
}
ast_cli(a->fd, " Channel storage backend: %s\n",
ast_channel_get_current_storage_driver_name());
ast_cli(a->fd, " Shell on remote consoles: %s\n",
ast_option_disable_remote_console_shell ? "Disabled" : "Enabled");
ast_cli(a->fd, "\n* Subsystems\n");
ast_cli(a->fd, " -------------\n");
@@ -2337,6 +2339,10 @@ static int remoteconsolehandler(const char *s)
/* The real handler for bang */
if (s[0] == '!') {
if (ast_option_disable_remote_console_shell) {
printf("Shell access is disabled on remote consoles\n");
return 1;
}
if (s[1])
ast_safe_system(s+1);
else