mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-03 11:25:35 +00:00
manager: prevent file access outside of config dir
Add live_dangerously flag to manager and use this flag to
determine if a configuation file outside of AST_CONFIG_DIR
should be read.
ASTERISK-30176
Change-Id: I46b26af4047433b49ae5c8a85cb8cda806a07404
(cherry picked from commit 81f10e847e)
This commit is contained in:
Mike Bradeen
committed by
George Joseph
George Joseph
parent
120aca73ba
commit
c59eb7e6d8
8
doc/UPGRADE-staging/manager_config_live_dangerously.txt
Normal file
8
doc/UPGRADE-staging/manager_config_live_dangerously.txt
Normal file
@@ -0,0 +1,8 @@
|
||||
Subject: AMI (Asterisk Manager Interface)
|
||||
|
||||
Previously, GetConfig and UpdateConfig were able to access files outside of
|
||||
the Asterisk configuration directory. Now this access is put behind the
|
||||
live_dangerously configuration option in asterisk.conf, which is disabled by
|
||||
default. If access to configuration files outside of the Asterisk configuation
|
||||
directory is required via AMI, then the live_dangerously configuration option
|
||||
must be set to yes.
|
||||
Reference in New Issue
Block a user