Permission checking for the system application is backwards.
(closes issue #17550) Reported by: kenner Patches: manager.c.diff uploaded by kenner (license 1040) Tested by: kenner git-svn-id: http://svn.digium.com/svn/asterisk/trunk@273144 f38db490-d61c-443f-a65b-d21fe96a405b
This commit is contained in:
parent
d2601fd10e
commit
1c583ebb30
|
@ -3893,7 +3893,7 @@ static int action_originate(struct mansession *s, const struct message *m)
|
|||
/* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
|
||||
if (!(s->session->writeperm & EVENT_FLAG_SYSTEM)
|
||||
&& (
|
||||
strcasestr(app, "system") == 0 || /* System(rm -rf /)
|
||||
strcasestr(app, "system") || /* System(rm -rf /)
|
||||
TrySystem(rm -rf /) */
|
||||
strcasestr(app, "exec") || /* Exec(System(rm -rf /))
|
||||
TryExec(System(rm -rf /)) */
|
||||
|
|
Reference in New Issue