> On 9 Oct 2023, at 15:45, Daniel-Constantin Mierla <mico...@gmail.com> wrote: > > The execution of rpc commands has to be protected/firewalled anyhow, there > are commands that can kill kamailio or old commands that write to file (e.g, > dlg.dump_file). Also, the rpc over fifo writes to a file the response. The > rpc interface was designed to be used only by trusted apps, being them > restricted by firewal or OS permissions. > I tried to avoid opening the old can of worms, more question if it’s a good thing to continue down that path without protections. You are right, there are a lot of bad things one can do, so maybe we have to live with it. At some point maybe add a light level of authorization. > For more flexibility in setting "I want to be able to ..." rules, of course > contributions are more than welcome. > As always!
…which is one of the reasons I’m dropping the ideas on the mailing list for everyone to consider… :-) /O > Cheers, > Daniel > > > > On 09.10.23 14:40, Olle E. Johansson via sr-dev wrote: >> >> >>> On 9 Oct 2023, at 14:08, Daniel-Constantin Mierla via sr-dev >>> <sr-dev@lists.kamailio.org> <mailto:sr-dev@lists.kamailio.org> wrote: >>> >>> corex: rpc command to print shm status report to file based on filter >> >> How do we restrict this? I find it kind of scary that an external app can >> force kamailio to write >> to files in the file system. >> >> - I want to be able to disable it in modparam >> - I want to be able to restrict the directory Kamailio can write in >> - I want to be able to restrict sizes >> >> /O >> >> >> _______________________________________________ >> Kamailio (SER) - Development Mailing List >> To unsubscribe send an email to sr-dev-le...@lists.kamailio.org >> <mailto:sr-dev-le...@lists.kamailio.org> > -- > Daniel-Constantin Mierla (@ asipto.com) > twitter.com/miconda -- linkedin.com/in/miconda > Kamailio Consultancy and Development Services > Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com
_______________________________________________ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
