On Tue, Nov 04, 2008 at 04:31:58PM -0600, Tilghman Lesher wrote: > On Tuesday 04 November 2008 15:52:10 Ruddy Gbaguidi wrote: > > Did you know that any commandyou type in asterisk cli starting with > > exclamation point (!) is execute in the shell by asterisk ?? > > Example : > > running > > !ls > > will run 'ls' in your current directory > > > > So, be aware because your user can do whatever we want then. > > Yes, but remote commands are executed as whatever user is running the > remote command, which is NOT necessarily the same as root. You can open > up the permissions of the asterisk.ctl pipe file to allow another group to > connect.
'!' is not a remote command. If you login as asteriskcli and asterisk is running as the user asteriskd, '!ls' and '!rm whatever' will be executed through /bin/sh by the user asteriskcli . Anything you can cause Asterisk to run through the dialplan, originate and such would be run by asteriskd. So it doesn't buy you much vs. creating a standard user account. -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users