Security related stuff for Asterisk Manager

---------- Forwarded message ----------
From: Brandon Kruse <[EMAIL PROTECTED]>
Date: May 30, 2007 11:27 PM
Subject: Re: [asterisk-gui] "Asterisk GUI" and security suggestions
To: Asterisk GUI project discussion <[email protected]>

First off, if it can be done through the GUI, it can be done through manager.

With manager, you can build contexts like the following Pari posted and do an action: originate on port 5038.

If you give manager logins to people you are not supposed to, or do not practice normal and safe security measurements in doing so (passwords longer than 4 characters is a start. If asterisk is running as root, only let root open and view and edit manager.conf)

The basis is, the context can be built anyways, and then executed if the potential penetrator is smart enough.

My two cents, I'm open for suggestions!

Mine was, let's work and figure out the different permissions available to manager.conf. For example the read, write, execute, command, etc. etc.

-bkruse

----- Original Message -----
From: "Pari Nannapaneni" <[EMAIL PROTECTED]>
To: "Asterisk GUI project discussion" <[email protected]>
Sent: Wednesday, May 30, 2007 1:24:55 PM (GMT-0800) America/Tijuana
Subject: [asterisk-gui] "Asterisk GUI" and security suggestions

Hi everyone,

I got comments from a couple of people saying that the way GUI executes system scripts is going to be a security concern.

The AsteriskGUI automatically adds the following context if it's not found in extensions.conf

    [asterisk_guitools]
    exten = executecommand,1,System(${command})
    exten = executecommand,n,Hangup()

and the GUI executes commands/scripts on the local machine by sending a GET command like

    action = originate & channel = Local/[EMAIL PROTECTED] & Variable = "command=sh whatever.sh" & ....

So, I am thinking of
 - adding this context on login into the GUI and removing it onLogout.

This is definitely not the solution for the actual problem, but it will prevent the security problems once the system is configured.

Are there any other ways to improve/replace this in the GUI?

-Pari

_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-gui mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-gui
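
Added example, not part of the original thread or of the Asterisk GUI project's code: a small audit over manager.conf and extensions.conf text for the points raised above (manager secrets of 4 characters or fewer, write permissions that allow running commands or placing calls, and a dialplan line that hands a channel variable to System()). The set of write classes flagged as risky, the function names and the sample files are assumptions constructed for illustration.

```python
import configparser
import re
# Assumption of this example: write classes treated as high risk.
RISKY_WRITE = {"system", "command", "call", "originate", "config", "all"}
MIN_SECRET_LEN = 5  # the thread's floor: "longer than 4 characters"
# System() whose argument expands a channel variable, as in [asterisk_guitools]
SYSTEM_VAR = re.compile(r"\bSystem\s*\([^)]*\$\{", re.IGNORECASE)

def audit_manager(text):
    """Return (account, finding) pairs for manager.conf-style text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   inline_comment_prefixes=(";",))
    cp.read_string(text)
    findings = []
    for user in (s for s in cp.sections() if s != "general"):
        if len(cp[user].get("secret", "")) < MIN_SECRET_LEN:
            findings.append((user, "secret shorter than 5 characters"))
        write = {c.strip().lower() for c in cp[user].get("write", "").split(",")}
        risky = sorted(write & RISKY_WRITE)
        if risky:
            findings.append((user, "write grants " + ",".join(risky)))
    return findings

def audit_dialplan(text):
    """Return (context, line) for each line running System() on a variable."""
    context, hits = None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if line.startswith("["):
            context = line[1:].split("]", 1)[0]
        elif SYSTEM_VAR.search(line):
            hits.append((context, line))
    return hits

# Constructed sample input, not taken from any real system.
SAMPLE_MANAGER = """
[general]
[gui]
secret = abcd
write = system,call,command,config
[monitor]
secret = c0nstructed-long-secret
"""
SAMPLE_DIALPLAN = """
[asterisk_guitools]
exten = executecommand,1,System(${command})
exten = executecommand,n,Hangup()
"""
if __name__ == "__main__":
    print(audit_manager(SAMPLE_MANAGER), audit_dialplan(SAMPLE_DIALPLAN))
```

The same functions can be pointed at the real files by passing in their contents; the check that only root can read and edit manager.conf is a file-permission check and is not covered here.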
