On Sat, Oct 31, 2009 at 12:04:18PM -0400, cbulist wrote: > Hi, > > Is it possible to run a !<command> from Manager connection?
No. You can implement it yourself. '!' is not sent to the asterisk daemon. Rather, the local client runs a command. For instance: # id -a uid=0(root) gid=0(root) groups=0(root) # ps u `cat /var/run/asterisk/asterisk.pid ` USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND asterisk 4314 0.0 0.2 698424 5036 ? Ssl Oct10 17:53 /usr/sbin/aster # asterisk -r Asterisk 1.6.2.0~dfsg~beta4-0.7501, Copyright (C) 1999 - 2009 Digium, Inc. and others. Created by Mark Spencer <[email protected]> Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details. This is free software, with components licensed under the GNU General Public License version 2 and other licenses; you are welcome to redistribute it under certain conditions. Type 'core show license' for details. ========================================================================= This package has been modified for the Debian GNU/Linux distribution Please report all bugs to http://bugs.debian.org/asterisk ========================================================================= Connected to Asterisk 1.6.2.0~dfsg~beta4-0.7501 currently running on sweetmorn (pid = 4314) sweetmorn*CLI> !id -a uid=0(root) gid=0(root) groups=0(root) That said, the dialplan application System allows you to do that. E.g. look for the dialplan snippet that includes the extension called 'executecommand' which is embedded in http://svn.digium.com/svn/asterisk-gui/branches/2.0/config/js/pbx.js Needless to say that this opens the door to shell code injection attacks, such as the one described in http://www.csnews.com/csn/news/article_display.jsp?vnu_content_id=1004015447 Actually http://en.wikipedia.org/wiki/Code_injection#Shell_injection will probably be more useful. -- Tzafrir Cohen icq#16849755 jabber:[email protected] +972-50-7952406 mailto:[email protected] http://www.xorcom.com iax:[email protected]/tzafrir _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
