Permission checking for the system application is backwards.
(closes issue #17550) Reported by: kenner Patches: manager.c.diff uploaded by kenner (license 1040) Tested by: kenner git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@273144 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
parent
c8b8c90f99
commit
aed189605b
|
@ -3893,7 +3893,7 @@ static int action_originate(struct mansession *s, const struct message *m)
|
||||||
/* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
|
/* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
|
||||||
if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
|
if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
|
||||||
&& (
|
&& (
|
||||||
strcasestr(app, "system") == 0 || /* System(rm -rf /)
|
strcasestr(app, "system") || /* System(rm -rf /)
|
||||||
TrySystem(rm -rf /) */
|
TrySystem(rm -rf /) */
|
||||||
strcasestr(app, "exec") || /* Exec(System(rm -rf /))
|
strcasestr(app, "exec") || /* Exec(System(rm -rf /))
|
||||||
TryExec(System(rm -rf /)) */
|
TryExec(System(rm -rf /)) */
|
||||||
|
|
Loading…
Reference in New Issue