kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-04 11:58:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

asterisk.c: Add option to restrict shell access from remote consoles.

Browse Source 
UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.

Resolves: #GHSA-c7p6-7mvq-8jq2
This commit is contained in:
George Joseph
2025-05-19 08:16:53 -06:00
committed by George Joseph
parent ae43a91f4a
commit ba298b713b
5 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
main/asterisk.c
View File

@@ -578,6 +578,8 @@ static char *handle_show_settings(struct ast_cli_entry *e, int cmd, struct ast_c
ast_cli(a->fd, " RTP dynamic payload types: %u-%u\n",
AST_RTP_PT_FIRST_DYNAMIC, AST_RTP_MAX_PT - 1);
}
ast_cli(a->fd, " Shell on remote consoles: %s\n",
ast_option_disable_remote_console_shell ? "Disabled" : "Enabled");
ast_cli(a->fd, "\n* Subsystems\n");
ast_cli(a->fd, " -------------\n");
@@ -2334,6 +2336,10 @@ static int remoteconsolehandler(const char *s)
/* The real handler for bang */
if (s[0] == '!') {
if (ast_option_disable_remote_console_shell) {
printf("Shell access is disabled on remote consoles\n");
return 1;
}
if (s[1])
ast_safe_system(s+1);
else