Summary: | ASTERISK-17384: [patch] Security issue in originate, system permission bypassed if using async | ||
Reporter: | Mark Murawski (kobaz) | Labels: | |
Date Opened: | 2011-02-10 15:33:49.000-0600 | Date Closed: | 2011-04-25 11:21:41 |
Priority: | Trivial | Regression? | No |
Status: | Closed/Complete | Components: | Core/ManagerInterface |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) manager-1.6.diff | |
Description: | If someone uses the async option in originate, the checks for executing system commands are not done.

****** ADDITIONAL INFORMATION ******

manager.c action_originate()

    if (ast_true(async)) {
        ...
        }
    } else if (!ast_strlen_zero(app)) {
        if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
            && (
                strcasestr(app, "system") == 0 || /* System(rm -rf /) TrySystem(rm -rf /) */
                strcasestr(app, "exec") ||        /* Exec(System(rm -rf /))....etc
    }

the EVENT_FLAG_SYSTEM checks are done only if async is not used!

This also affects 1.4/1.6/1.8/trunk but 1.4 in a different way, 1.4 doesn't have *any* EVENT_FLAG_SYSTEM checking in originate, but 1.4 does have the system permission in place. | ||
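The control-flow problem described in the report, reduced to a stand-alone sketch (an added example, not Asterisk's manager.c and not the attached patch). The function names, the `contains_ci` helper and the value given to EVENT_FLAG_SYSTEM are assumptions for illustration; the substring test follows the intent of the comments in the excerpt (application names containing "system" or "exec").

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

#define EVENT_FLAG_SYSTEM (1 << 0)   /* constructed value for this sketch */

/* Case-insensitive substring search (portable stand-in for strcasestr). */
static bool contains_ci(const char *hay, const char *needle)
{
    for (; *hay; hay++) {
        size_t i = 0;
        while (needle[i] && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (!needle[i])
            return true;
    }
    return false;
}

/* True when the application could run a shell command and the session
 * lacks the "system" write permission. */
static bool needs_system_perm(int writeperm, const char *app)
{
    return !(writeperm & EVENT_FLAG_SYSTEM) &&
           (contains_ci(app, "system") || contains_ci(app, "exec"));
}

/* Flawed shape from the report: the check exists only on the synchronous path.
 * Returns true when the originate request is accepted. */
bool originate_flawed(int writeperm, bool async, const char *app)
{
    if (async)
        return true;                     /* queued with no permission check */
    if (needs_system_perm(writeperm, app))
        return false;                    /* denied */
    return true;
}

/* Hardened shape: authorize once, before the async/sync split. */
bool originate_checked(int writeperm, bool async, const char *app)
{
    (void)async;                         /* both paths share the same decision */
    if (needs_system_perm(writeperm, app))
        return false;
    return true;
}
```

A regression test for this class of bug should exercise every dispatch path (here, both values of `async`) with a session that lacks the permission.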
Comments: | By: Mark Murawski (kobaz) 2011-02-10 15:52:45.000-0600

Patch for 1.6.0, same changes need to be done on 1.6.1/1.6.2/1.8 and trunk. Testers needed.

By: Mark Murawski (kobaz) 2011-02-10 17:53:31.000-0600

So... since this is private, I guess this doesn't go on the reviewboard?

By: Digium Subversion (svnbot) 2011-04-21 13:19:25

Repository: asterisk
Revision: 314607

U branches/1.4/channels/chan_skinny.c
U branches/1.4/configs/http.conf.sample
U branches/1.4/configs/skinny.conf.sample
U branches/1.4/main/http.c
U branches/1.4/main/manager.c

------------------------------------------------------------------------
r314607 | mnicholson | 2011-04-21 13:19:24 -0500 (Thu, 21 Apr 2011) | 14 lines

Added limits to the number of unauthenticated sessions TCP based protocols are allowed to have open simultaneously. Also added timeouts for unauthenticated sessions where it made sense to do so.

Unrelated, the manager interface now properly checks if the user has the "system" privilege before executing shell commands via the Originate action.

AST-2011-005
AST-2011-006

(closes issue ASTERISK-17384)
Reported by: kobaz

(related to issue ASTERISK-17578)
Reported by: tzafrir
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=314607

By: Digium Subversion (svnbot) 2011-04-21 13:22:21

Repository: asterisk
Revision: 314620

_U branches/1.6.2/
U branches/1.6.2/channels/chan_sip.c
U branches/1.6.2/channels/chan_skinny.c
U branches/1.6.2/configs/http.conf.sample
U branches/1.6.2/configs/sip.conf.sample
U branches/1.6.2/configs/skinny.conf.sample
U branches/1.6.2/main/http.c
U branches/1.6.2/main/manager.c

------------------------------------------------------------------------
r314620 | mnicholson | 2011-04-21 13:22:20 -0500 (Thu, 21 Apr 2011) | 20 lines

Merged revisions 314607 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r314607 | mnicholson | 2011-04-21 13:19:21 -0500 (Thu, 21 Apr 2011) | 14 lines

  Added limits to the number of unauthenticated sessions TCP based protocols are allowed to have open simultaneously. Also added timeouts for unauthenticated sessions where it made sense to do so.

  Unrelated, the manager interface now properly checks if the user has the "system" privilege before executing shell commands via the Originate action.

  AST-2011-005
  AST-2011-006

  (closes issue ASTERISK-17384)
  Reported by: kobaz

  (related to issue ASTERISK-17578)
  Reported by: tzafrir
........
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=314620

By: Digium Subversion (svnbot) 2011-04-21 13:24:07

Repository: asterisk
Revision: 314628

_U branches/1.8/
U branches/1.8/channels/chan_sip.c
U branches/1.8/channels/chan_skinny.c
U branches/1.8/channels/sip/include/sip.h
U branches/1.8/configs/http.conf.sample
U branches/1.8/configs/sip.conf.sample
U branches/1.8/configs/skinny.conf.sample
U branches/1.8/main/http.c
U branches/1.8/main/manager.c

------------------------------------------------------------------------
r314628 | mnicholson | 2011-04-21 13:24:07 -0500 (Thu, 21 Apr 2011) | 27 lines

Merged revisions 314620 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2

................
  r314620 | mnicholson | 2011-04-21 13:22:19 -0500 (Thu, 21 Apr 2011) | 20 lines

  Merged revisions 314607 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r314607 | mnicholson | 2011-04-21 13:19:21 -0500 (Thu, 21 Apr 2011) | 14 lines

    Added limits to the number of unauthenticated sessions TCP based protocols are allowed to have open simultaneously. Also added timeouts for unauthenticated sessions where it made sense to do so.

    Unrelated, the manager interface now properly checks if the user has the "system" privilege before executing shell commands via the Originate action.

    AST-2011-005
    AST-2011-006

    (closes issue ASTERISK-17384)
    Reported by: kobaz

    (related to issue ASTERISK-17578)
    Reported by: tzafrir
  ........
................
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=314628

By: Digium Subversion (svnbot) 2011-04-21 13:32:55

Repository: asterisk
Revision: 314666

_U trunk/
U trunk/channels/chan_sip.c
U trunk/channels/chan_skinny.c
U trunk/channels/sip/include/sip.h
U trunk/configs/http.conf.sample
U trunk/configs/sip.conf.sample
U trunk/configs/skinny.conf.sample
U trunk/main/http.c
U trunk/main/manager.c

------------------------------------------------------------------------
r314666 | mnicholson | 2011-04-21 13:32:54 -0500 (Thu, 21 Apr 2011) | 34 lines

Merged revisions 314628 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8

................
  r314628 | mnicholson | 2011-04-21 13:24:05 -0500 (Thu, 21 Apr 2011) | 27 lines

  Merged revisions 314620 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.6.2

  ................
    r314620 | mnicholson | 2011-04-21 13:22:19 -0500 (Thu, 21 Apr 2011) | 20 lines

    Merged revisions 314607 via svnmerge from
    https://origsvn.digium.com/svn/asterisk/branches/1.4

    ........
      r314607 | mnicholson | 2011-04-21 13:19:21 -0500 (Thu, 21 Apr 2011) | 14 lines

      Added limits to the number of unauthenticated sessions TCP based protocols are allowed to have open simultaneously. Also added timeouts for unauthenticated sessions where it made sense to do so.

      Unrelated, the manager interface now properly checks if the user has the "system" privilege before executing shell commands via the Originate action.

      AST-2011-005
      AST-2011-006

      (closes issue ASTERISK-17384)
      Reported by: kobaz

      (related to issue ASTERISK-17578)
      Reported by: tzafrir
    ........
  ................
................
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=314666

By: Digium Subversion (svnbot) 2011-04-21 13:49:57

Repository: asterisk
Revision: 314685

U branches/1.6.1/channels/chan_sip.c
U branches/1.6.1/channels/chan_skinny.c
U branches/1.6.1/configs/http.conf.sample
U branches/1.6.1/configs/sip.conf.sample
U branches/1.6.1/configs/skinny.conf.sample
U branches/1.6.1/main/manager.c

------------------------------------------------------------------------
r314685 | mnicholson | 2011-04-21 13:49:56 -0500 (Thu, 21 Apr 2011) | 14 lines

Added limits to the number of unauthenticated sessions TCP based protocols are allowed to have open simultaneously. Also added timeouts for unauthenticated sessions where it made sense to do so.

Unrelated, the manager interface now properly checks if the user has the "system" privilege before executing shell commands via the Originate action.

AST-2011-005
AST-2011-006

(closes issue ASTERISK-17384)
Reported by: kobaz

(related to issue ASTERISK-17578)
Reported by: tzafrir
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=314685

By: Digium Subversion (svnbot) 2011-04-25 11:21:41

Repository: asterisk
Revision: 315147

U branches/1.4/main/manager.c

------------------------------------------------------------------------
r315147 | mnicholson | 2011-04-25 11:14:21 -0500 (Mon, 25 Apr 2011) | 9 lines

Reverted part of r314607, as it can introduce a regression. Specifically, the security check for the "system" privilege was reverted.

AST-2011-006

(related to issue ASTERISK-17384)
Reported by: kobaz
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=315147 |