----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4023/#review13385 -----------------------------------------------------------
I believe this change would allow AMI users to execute arbitrary commands on the Asterisk server (security risk). The ability to SetVar CONFBRIDGE(bridge,record_command) from AMI would need to be blocked when asterisk.conf has live_dangerously=no. - Corey Farrell On Sept. 26, 2014, 12:23 a.m., gareth wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviewboard.asterisk.org/r/4023/ > ----------------------------------------------------------- > > (Updated Sept. 26, 2014, 12:23 a.m.) > > > Review request for Asterisk Developers. > > > Bugs: ASTERISK-24351 > https://issues.asterisk.org/jira/browse/ASTERISK-24351 > > > Repository: Asterisk > > > Description > ------- > > This patch adds the ability to pass options and a command to MixMontor when > recording a conference using ConfBridge. > > New options are - > > record_options: Options to MixMontor, eg: m(), W() etc. > record_command: The command to execute when recording is over. > > eg: Set(CONFBRIDGE(bridge,record_command)=/path/to/command > ^{MIXMONITOR_FILENAME})) > > Note: > > The current behavior of set_rec_filename is to always append a timestamp to > rec_file. This is desirable for dynamically generated rec_file, but doesn't > make sense for a user-supplied rec_file and the documenation does not mention > that it does this either. > > So the patch changes set_rec_filename to use the user-supplied rec_file > as-is. > > > Diffs > ----- > > /trunk/configs/samples/confbridge.conf.sample 423782 > /trunk/apps/confbridge/include/confbridge.h 423782 > /trunk/apps/confbridge/conf_config_parser.c 423782 > /trunk/apps/app_confbridge.c 423782 > > Diff: https://reviewboard.asterisk.org/r/4023/diff/ > > > Testing > ------- > > Set record_options to m(${MAILBOX}) and verified that a recording was > delivered to ${MAILBOX}. > > Set record_command to /bin/rm ^{MIXMONITOR_FILENAME} and checked that > recording was deleted on ending the conference. > > > Thanks, > > gareth > >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
