From 1b9281a5ded62e5d30af2959e5aa33bc5a0fc285 Mon Sep 17 00:00:00 2001 From: George Joseph Date: Thu, 24 Oct 2019 11:41:23 -0600 Subject: [PATCH] manager.c: Prevent the Originate action from running the Originate app MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If an AMI user without the "system" authorization calls the Originate AMI command with the Originate application, the second Originate could run the "System" command. Action: Originate Channel: Local/1111 Application: Originate Data: Local/2222,app,System,touch /tmp/owned If the "system" authorization isn't set, we now block the Originate app as well as the System, Exec, etc. apps. ASTERISK-28580 Reported by: Eliel SardaƱons Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa --- doc/UPGRADE-staging/AMI-Originate.txt | 5 +++++ main/manager.c | 1 + 2 files changed, 6 insertions(+) create mode 100644 doc/UPGRADE-staging/AMI-Originate.txt diff --git a/doc/UPGRADE-staging/AMI-Originate.txt b/doc/UPGRADE-staging/AMI-Originate.txt new file mode 100644 index 0000000000..f2d3133098 --- /dev/null +++ b/doc/UPGRADE-staging/AMI-Originate.txt @@ -0,0 +1,5 @@ +Subject: AMI + +The AMI Originate action, which optionally takes a dialplan application as +an argument, no longer accepts "Originate" as the application due to +security concerns. diff --git a/main/manager.c b/main/manager.c index fc602bc32f..44e25b8e66 100644 --- a/main/manager.c +++ b/main/manager.c @@ -5708,6 +5708,7 @@ static int action_originate(struct mansession *s, const struct message *m) EAGI(/bin/rm,-rf /) */ strcasestr(app, "mixmonitor") || /* MixMonitor(blah,,rm -rf) */ strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf) */ + strcasestr(app, "originate") || /* Originate(Local/1234,app,System,rm -rf) */ (strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */ (strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */ )) {