Re: [asterisk-users] ! Command from -rx?
On Mon, Aug 06, 2007 at 10:44:47AM +1200, Matt Riddell wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Tzafrir Cohen wrote: > > > > What do you need that for? > > > > '!' is pointless with asterisk -rx: with asterisk -r, '!' runs a local > > command in a subshell (or starts a new subshell) by the local cleint > > asterisk. It does nothing by the server. > > > > So you might as well just run: > > > > ls > > Unless somehow he has access to the Asterisk console from a non root > account and Asterisk is running as root and he wants to execute > something as root. > > I would have thought though that if Asterisk is running as root, he'd > need to be root to access the console. To gain acces to the terminal the asterisk console is running in, all you need is physical access there. If you want to be able to open a remote asterisk terminal, you should be able to write to the asterisk.ctl socket. If asterisk is run as root (as it should be normally be - it will drop unnecessary permissions right at startup), then the permissions on that file are set by configuration items for [file] in /etc/asterisk/asterisk.conf - ;astctlpermissions = 0660 ;astctlowner = root ;astctlgroup = asterisk ;astctl = asterisk.ctl (See asterisk-conf.txt in the doc/ directory) But then again, the '!' command in the CLI means something that has nothing to do with executing commands by the main asterisk process. It is a "shell escaple": When you work on a remote program you sometimes want to execute a simple local shell command. There's not much securty breach here because it is done locally. The '!' is done purly locally and the asterisk server doesn't even hear about this. So even if asterisk is root and you're nobody, the '!' here is no security breach - all you can do with '!' is run commands as 'nobody' . (Don't get me wrong: the situation described above *is* a security breach. Mr. nobody can, say, originate a call to the application System) -- Tzafrir Cohen icq#16849755jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] ! Command from -rx?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tzafrir Cohen wrote: > > What do you need that for? > > '!' is pointless with asterisk -rx: with asterisk -r, '!' runs a local > command in a subshel (or starts a new subshell) by the local cleint > asterisk. It does nothing by the server. > > So you might as well just run: > > ls Unless somehow he has access to the Asterisk console from a non root account and Asterisk is running as root and he wants to execute something as root. I would have thought though that if Asterisk is running as root, he'd need to be root to access the console. - -- Kind Regards, Matt Riddell Director ___ http://www.venturevoip.com (Great new VoIP end to end solution) http://www.venturevoip.com/news.php (Daily Asterisk News - html) http://feeds.venturevoip.com/AsteriskNews (Daily Asterisk News - rss) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGtlLfDQNt8rg0Kp4RAtrjAJ9UaRtYSThbCc59igXT5Kv3cEjtzACgori7 LxKK2JWHtNLK3dovj3SkiHE= =yTPn -END PGP SIGNATURE- ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] ! Command from -rx?
On Sat, Aug 04, 2007 at 10:05:34PM -0400, Baji Panchumarti wrote: > On 8/4/07, Matt wrote: > > > This may sound stupid.. so bear with me for a moment. > > > > Assuming the only access I have to a machine is through asterisk -rx > > can I use the ! command? > > > > asterisk -rx help > > > > includes the ! command, but I can't seem to get it to work ie: > > > > asterisk -rx "! ls" > > > > Any help? > > asterisk -rx `! ls > myout.txt` Huh? Those are backticks. They get translated by the shell (e.g.: bash) to "the output of the command '! ls > myout.txt'" It seems that the '!' is interpeded here as a command, rather than as a part of history substitusion. See: $ echo `!ls` bash: !ls`: event not found $ echo `! ls` bash: echo: command not found As that specific command's output is redirected to a file, it will be expanded to: asterisk -rx '' Which is probably not what you wanted. > > will save the output in myout.txt > > asterisk -rx "`! ls`" Here the results will actually be the same, because '! ls' will not produce any output. But if it did, e.g: asterisk -rx "`ls`" you'd probably notice that asterisk normally doesn't like an arbitrary list of files as comands. -- Tzafrir Cohen icq#16849755jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] ! Command from -rx?
On Sat, Aug 04, 2007 at 09:16:22PM -0400, Matt wrote: > This may sound stupid.. so bear with me for a moment. > > Assuming the only access I have to a machine is through asterisk -rx > can I use the ! command? > > asterisk -rx help > > includes the ! command, but I can't seem to get it to work ie: > > asterisk -rx "! ls" What do you need that for? '!' is pointless with asterisk -rx: with asterisk -r, '!' runs a local command in a subshel (or starts a new subshell) by the local cleint asterisk. It does nothing by the server. So you might as well just run: ls -- Tzafrir Cohen icq#16849755jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] ! Command from -rx?
On 8/4/07, Matt wrote: > This may sound stupid.. so bear with me for a moment. > > Assuming the only access I have to a machine is through asterisk -rx > can I use the ! command? > > asterisk -rx help > > includes the ! command, but I can't seem to get it to work ie: > > asterisk -rx "! ls" > > Any help? asterisk -rx `! ls > myout.txt` will save the output in myout.txt asterisk -rx "`! ls`" will give the command output sandwiched between * msgs. reduce *'s verbosity and you may have what you need. -- ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] ! Command from -rx?
This may sound stupid.. so bear with me for a moment. Assuming the only access I have to a machine is through asterisk -rx can I use the ! command? asterisk -rx help includes the ! command, but I can't seem to get it to work ie: asterisk -rx "! ls" Any help? ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users