freepbx packages - soon

Tzafrir Cohen tzafrir.cohen at xorcom.com
Wed Mar 22 16:49:41 UTC 2006 

On Wed, Mar 22, 2006 at 06:28:10PM +0200, Diego Iastrubni wrote:
> Lionel Elie Mamane wrote:
> 
> >On Mon, Mar 20, 2006 at 10:21:51AM +0200, Diego Iastrubni wrote:
> >
> >>One of the ugliest things is that the package will modify the user
> >>www-data and add it to the group "asterisk". This is the only way
> >>for users to be able to modify asterisk files from the web. Way
> >>ugly, but must be done.
> >
> >It is above all highly insecure.
> >
> I know this. I am hoping to hear a better solution.
> 
> Just to be clear, this is how freepbx works:
> 
> 1) User sees information which is pulled out of mysql
> 
> 2) User modifies information into mysql
> 
> 3) User presses "ok" -> all  the configuration is saved into 
> /etc/asterisk/*.conf
> 
> stage 3 is the problematic. This is executed by a php-cli script which 
> MUST have write access to those files.

asterisk 1.2 has an #exec directive to generate configs at reload time
(not to mention static real-time). Have you considered those?

> 
> There is also another package called Asterisk Recording Interface, which 
> has direct access to the voicemail files.

Hmmm, voicemail.conf is one sore point. IIRC AMP writes there as well.
Asterisk's little vmail.cgi script writes there as well.

What type of access is needed there? I'm trying to figure out if this
can be solved by means of an an asterisk application that will be
accessible through e.g. the manager interface.

In fact, the overly-bloted voicemail app has all the required
functionality and "all that is needed" is exposing it, right?

> 
> Using those GUIs is a risk, but IMHO whoever wants them will get them, 
> even with all those sequerity holes.

Let's see if there is a clear separation between the GUI and Asterisk.

The GUI sets up a custum dialplan snippet for Asterisk. If you can set
up a dialplan snippet, you can practically run your own code as the
asterisk user.

Another hole is the manager interface. The current configuration of AMP
is to give AMP's user all the read and write priviliges of the manager
interface. So a malicious GUI can inject custom commands through there
as well. How much of that is really needed?

The interface here is basically to dump the configuration from the
database to config files.

destar, BTW, is another asterisk configu GUI for which we have a
package here. It runs in a daemon of its own and thus the problem is not
as accute. It is a member of the group asterisk. At the time I thought 
(and still do) that there is no point for further separation there.

-- 
Tzafrir Cohen     icq#16849755  +972-50-7952406
tzafrir.cohen at xorcom.com  http://www.xorcom.com

More information about the Pkg-voip-maintainers mailing list