The execution of rpc commands has to be protected/firewalled anyhow, there are commands that can kill kamailio or old commands that write to file (e.g, dlg.dump_file). Also, the rpc over fifo writes to a file the response. The rpc interface was designed to be used only by trusted apps, being them restricted by firewal or OS permissions.
For more flexibility in setting "I want to be able to ..." rules, of course contributions are more than welcome. Cheers, Daniel On 09.10.23 14:40, Olle E. Johansson via sr-dev wrote: > > >> On 9 Oct 2023, at 14:08, Daniel-Constantin Mierla via sr-dev >> <sr-dev@lists.kamailio.org> wrote: >> >> corex: rpc command to print shm status report to file based on filter > > How do we restrict this? I find it kind of scary that an external app > can force kamailio to write > to files in the file system. > > - I want to be able to disable it in modparam > - I want to be able to restrict the directory Kamailio can write in > - I want to be able to restrict sizes > > /O > > _______________________________________________ > Kamailio (SER) - Development Mailing List > To unsubscribe send an email to sr-dev-le...@lists.kamailio.org -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy and Development Services Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com
_______________________________________________ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
