On 12/2/08, Tod Fitch <[EMAIL PROTECTED]> wrote:
>
> If you allow calls to your default context to be relayed back out then you
> can be in a position where unregistered entities can use your machine to
> make free calls. I guess this is a "security issue". Certainly that can be
> an issue that one should be careful of when setting up a PBX.

Just make sure your default context doesn't include any contexts or other matches to allow those types of calls. Context definition and control are a very important part of Asterisk security.

> But when I hear the term "security" and I am on a computer the first
> thing that comes to my mind is an attack vector for taking control of the
> machine itself. For example an ill-formed packet or sequence of packets that
> cause the server application to crash in such a way that executes part of
> your packet data left on the stack.

This is true, although telephony applications add the ability for the attacker to directly impact you financially - by placing calls on the PSTN that you are later billed for. Kind of like using a machine in a colo for a SPAM relay. Next thing you know, you end up with a whopping bandwidth bill. Only this time it's worse because they are calling Iridium satellite phones for $1.95/min.

> From your response, am I correct in believing that the issue in
> allowing guests is in the former (free calls) rather than in the latter
> (taking control of your Asterisk box)?
>
> Thank you for any clarification.
>
> And, by the way, I was and am still a little taken aback by seeing that
> everything except a spawned session of mini_httpd runs as root in my
> AstLinux box. I would much prefer that Asterisk run as its own unprivileged
> user.
>

This is another important issue that has not really been discussed before. We have a problem here... One of the (main) reasons we run Asterisk as root is to allow preemption, which requires root privileges. This is pretty important for an embedded system. If you're not using preemption we have the opportunity to run as a separate user. However, this separate user will also have to share credentials with the web interface to allow for configuration. I've really been interested in implementing SELinux support in AstLinux for quite some time. Then you can run everything as root and it doesn't matter ;)...

Seriously though, SELinux and separate users would be cool. We would just have to make sure the various components of the system could use the separate user accounts in a logical manner. For instance, the two AstLinux web interfaces practically require root privileges. Does Lonnie or anyone else care to comment on this?

--
Kristian Kielhofner
http://blog.krisk.org
http://www.submityoursip.com
http://www.astlinux.org
http://www.star2star.com
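
The advice above about keeping the default context free of includes that lead to outbound calls can be checked mechanically. The following is an added example, not part of the original message or of AstLinux: a small audit that follows `include =>` chains from the guest entry context in an extensions.conf and reports any `Dial()` to a PSTN trunk it can reach. The context names, the trunk name `pstn-trunk` and the sample dialplan are hypothetical; only `include` and `exten` lines are followed, so `Goto()` jumps and `same =>` lines are out of scope.

```python
import re

# Constructed sample extensions.conf; context and trunk names are hypothetical.
SAMPLE_WEAK = """
[default]                      ; unauthenticated (guest) calls land here
include => internal
exten => s,1,Answer()
[internal]
include => outbound
exten => _1XX,1,Dial(SIP/${EXTEN})
[outbound]
exten => _9.,1,Dial(SIP/pstn-trunk/${EXTEN:1})
"""
# Corrected variant: [default] no longer includes any other context.
SAMPLE_FIXED = SAMPLE_WEAK.replace("include => internal\n", "")

def parse_dialplan(text):
    """Return {context: {"includes": [names], "extens": [(pattern, app)]}}."""
    contexts, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = contexts.setdefault(header.group(1), {"includes": [], "extens": []})
        elif current is not None and "=>" in line:
            key, value = (part.strip() for part in line.split("=>", 1))
            parts = value.split(",", 2)          # pattern, priority, application
            if key == "include":
                current["includes"].append(value)
            elif key == "exten" and len(parts) == 3:
                current["extens"].append((parts[0], parts[2]))
    return contexts

def reachable_trunk_calls(text, entry="default", trunks=("pstn-trunk",)):
    """List (context, pattern, app) Dial() steps that reach a trunk from `entry`."""
    contexts = parse_dialplan(text)
    seen, stack, findings = set(), [entry], []
    while stack:
        ctx = stack.pop()
        if ctx in seen or ctx not in contexts:
            continue
        seen.add(ctx)
        stack.extend(contexts[ctx]["includes"])  # includes are transitive
        for pattern, app in contexts[ctx]["extens"]:
            if app.startswith("Dial(") and any(t in app for t in trunks):
                findings.append((ctx, pattern, app))
    return findings
```

An empty result for the context that guest calls land in is the condition to aim for; any finding names the context and pattern that lets an unregistered caller out to the trunk.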