Files
asterisk/configs
David M. Lee 99267c7a7b security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.

A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.

Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.

(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@403913 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2013-12-16 16:36:52 +00:00
..
2011-06-20 18:12:32 +00:00
2013-07-10 01:41:42 +00:00