security: Inhibit execution of privilege escalating functions

This patch allows individual dialplan functions to be marked as 'dangerous', to inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. Also, the ABI was changed to something more reasonable, since Asterisk 12 does not yet have a public release. (closes issue ASTERISK-22905) Review: http://reviewboard.digium.internal/r/432/ ........ Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-10-21 12:30:41 +00:00 · 2013-12-16 19:11:51 +00:00
parent 00dcee2a64
commit 744556c01d
12 changed files with 418 additions and 37 deletions
--- a/configs/asterisk.conf.sample
+++ b/configs/asterisk.conf.sample
@@ -83,6 +83,12 @@ documentation_language = en_US	; Set the language you want documentation
 				; gosub - Invoke the stdexten using a gosub as
 				;         documented in extensions.conf.sample.
 				; Default gosub.
+;live_dangerously = no		; Enable the execution of 'dangerous' dialplan
+				; functions from external sources (AMI,
+				; etc.) These functions (such as SHELL) are
+				; considered dangerous because they can allow
+				; privilege escalation.
+				; Default yes, for backward compatability.

 ; Changing the following lines may compromise your security.
 ;[files]