Did you know that any command you type in the Asterisk CLI starting with an exclamation point (!) is executed in the shell by Asterisk? Example: running !ls will run 'ls' in your current directory.
So, be aware because your user can do whatever we want then.

Dima wrote:
>> On Sat, Nov 01, 2008 at 12:38:52AM +0100, Dima wrote:
>>
>>> Setting the user's shell to /usr/sbin/rasterisk works. On login user
>>> gets into asterisk CLI if asterisk is running (user just has to have
>>> write permission to /var/lib/asterisk.*).
>>>
>> How does that user "login"?
>>
>
> client$ ssh [EMAIL PROTECTED]
> password:
>
> Asterisk SVN-branch-1.4-r137138, Copyright (C) 1999 - 2008 Digium, Inc.
> and others.
> .......
> Verbosity is at least 9
> asterisk.machine*CLI>
>
>> CLI has the ability to create extensions, extensions which could execute the
>> System application, pick up his phone, dial the extension, execute the
>> command, and even cover his tracks by putting NoCDR in the extension path
>> and removing the incriminating extension afterwards (again with the CLI). In
>> 1.4, it's even easier: he can originate a call from the command line, perhaps
>> even to a phone of a person he wanted to take the fall for his exploit.
>>
>
> The person I'm giving the access to is an admin of that asterisk. It's
> up to him to do evil stuff with asterisk itself. As long as he can't get
> a shell and do "rm -rf /" I'm safe.
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
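
An added example, not part of the original thread: because `!` in the CLI runs commands in a shell, any account whose login shell is `rasterisk` is effectively a shell account. This sketch lists such accounts from passwd-format input; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find passwd accounts whose login shell is the Asterisk
# remote console (rasterisk). The CLI runs "!command" in a shell, so every
# account listed has shell access as that user despite the "restricted" shell.

# audit_cli_shells: reads passwd(5)-format lines on stdin and prints
# "user uid shell" for each account whose shell basename is rasterisk.
# Comment lines, blank lines and malformed entries are skipped.
audit_cli_shells() {
    awk -F: '
        /^#/ || NF < 7 { next }
        {
            n = split($7, parts, "/")      # basename of the login shell
            if (parts[n] == "rasterisk")
                printf "%s %s %s\n", $1, $3, $7
        }'
}

# count_cli_shells: number of flagged accounts in the input on stdin.
count_cli_shells() {
    audit_cli_shells | wc -l | tr -d ' '
}

# Constructed sample input (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
# local PBX accounts
pbxadmin:x:1001:1001:PBX admin:/home/pbxadmin:/usr/sbin/rasterisk
alice:x:1002:1002:Alice:/home/alice:/bin/sh
voip:x:1003:1003::/home/voip:/usr/local/sbin/rasterisk
svc:x:1004:1004::/nonexistent:/usr/sbin/nologin
broken:x:1005
EOF
}

# On a live host: audit_cli_shells < /etc/passwd
sample_passwd | audit_cli_shells
```

Treat every account it reports as having the same privileges as an ordinary shell login for that user.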