mirror of
https://github.com/asterisk/asterisk.git
synced 2025-11-17 07:18:15 +00:00
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as 'dangerous', to inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. Also, the ABI was changed to something more reasonable, since Asterisk 12 does not yet have a public release. (closes issue ASTERISK-22905) Review: http://reviewboard.digium.internal/r/432/ ........ Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
David M. Lee
@@ -140,6 +140,15 @@ struct ast_custom_function {
|
||||
/*! Write function, if write is supported */
|
||||
ast_acf_write_fn_t write; /*!< Write function, if write is supported */
|
||||
struct ast_module *mod; /*!< Module this custom function belongs to */
|
||||
unsigned int read_escalates:1; /*!< The read function is to be considered
|
||||
* 'dangerous', and should not be run directly
|
||||
* from external interfaces (AMI, ARI, etc.)
|
||||
* \since 12 */
|
||||
unsigned int write_escalates:1; /*!< The write function is to be considerd
|
||||
* 'dangerous', and should not be run directly
|
||||
* from external interfaces (AMI, ARI, etc.)
|
||||
* \since 12 */
|
||||
|
||||
AST_RWLIST_ENTRY(ast_custom_function) acflist;
|
||||
};
|
||||
|
||||
@@ -1366,16 +1375,44 @@ struct ast_custom_function* ast_custom_function_find(const char *name);
|
||||
*/
|
||||
int ast_custom_function_unregister(struct ast_custom_function *acf);
|
||||
|
||||
/*!
|
||||
* \brief Description of the ways in which a function may escalate privileges.
|
||||
*/
|
||||
enum ast_custom_function_escalation {
|
||||
AST_CFE_NONE,
|
||||
AST_CFE_READ,
|
||||
AST_CFE_WRITE,
|
||||
AST_CFE_BOTH,
|
||||
};
|
||||
|
||||
/*!
|
||||
* \brief Register a custom function
|
||||
*/
|
||||
#define ast_custom_function_register(acf) __ast_custom_function_register(acf, ast_module_info->self)
|
||||
|
||||
/*!
|
||||
* \brief Register a custom function which requires escalated privileges.
|
||||
*
|
||||
* Examples would be SHELL() (for which a read needs permission to execute
|
||||
* arbitrary code) or FILE() (for which write needs permission to change files
|
||||
* on the filesystem).
|
||||
*/
|
||||
#define ast_custom_function_register_escalating(acf, escalation) __ast_custom_function_register_escalating(acf, escalation, ast_module_info->self)
|
||||
|
||||
/*!
|
||||
* \brief Register a custom function
|
||||
*/
|
||||
int __ast_custom_function_register(struct ast_custom_function *acf, struct ast_module *mod);
|
||||
|
||||
/*!
|
||||
* \brief Register a custom function which requires escalated privileges.
|
||||
*
|
||||
* Examples would be SHELL() (for which a read needs permission to execute
|
||||
* arbitrary code) or FILE() (for which write needs permission to change files
|
||||
* on the filesystem).
|
||||
*/
|
||||
int __ast_custom_function_register_escalating(struct ast_custom_function *acf, enum ast_custom_function_escalation escalation, struct ast_module *mod);
|
||||
|
||||
/*!
|
||||
* \brief Retrieve the number of active calls
|
||||
*/
|
||||
@@ -1489,6 +1526,32 @@ unsigned int ast_hashtab_hash_contexts(const void *obj);
|
||||
*/
|
||||
char *ast_complete_applications(const char *line, const char *word, int state);
|
||||
|
||||
/*!
|
||||
* \brief Enable/disable the execution of 'dangerous' functions from external
|
||||
* protocols (AMI, etc.).
|
||||
*
|
||||
* These dialplan functions (such as \c SHELL) provide an opportunity for
|
||||
* privilege escalation. They are okay to invoke from the dialplan, but external
|
||||
* protocols with permission controls should not normally invoke them.
|
||||
*
|
||||
* This function can globally enable/disable the execution of dangerous
|
||||
* functions from external protocols.
|
||||
*
|
||||
* \param new_live_dangerously If true, enable the execution of escalating
|
||||
* functions from external protocols.
|
||||
*/
|
||||
void pbx_live_dangerously(int new_live_dangerously);
|
||||
|
||||
/*!
|
||||
* \brief Inhibit (in the current thread) the execution of dialplan functions
|
||||
* which cause privilege escalations. If pbx_live_dangerously() has been
|
||||
* called, this function has no effect.
|
||||
*
|
||||
* \return 0 if successfuly marked current thread.
|
||||
* \return Non-zero if marking current thread failed.
|
||||
*/
|
||||
int ast_thread_inhibit_escalations(void);
|
||||
|
||||
#if defined(__cplusplus) || defined(c_plusplus)
|
||||
}
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user