9 Oct
2023
9 Oct
'23
3:56 p.m.
On 9 Oct 2023, at 15:45, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
The execution of rpc commands has to be protected/firewalled anyhow, there are commands
that can kill kamailio or old commands that write to file (e.g, dlg.dump_file). Also, the
rpc over fifo writes to a file the response. The rpc interface was designed to be used
only by trusted apps, being them restricted by firewal or OS permissions.
I tried to avoid opening the old can of worms, more question if it’s a good thing
to continue down that path without protections.
You are right, there are a lot of bad things one can do, so maybe we have to live with it.
At some point maybe
add a light level of authorization.
For more flexibility in setting "I want to be
able to ..." rules, of course contributions are more than welcome.
As always!
…which is one of the reasons I’m dropping the ideas on the mailing list for everyone to
consider… :-)
/O
Cheers,
Daniel
On 09.10.23 14:40, Olle E. Johansson via sr-dev wrote:
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy and Development Services
Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com
On 9 Oct 2023, at 14:08, Daniel-Constantin Mierla
via sr-dev <sr-dev(a)lists.kamailio.org> <mailto:sr-dev@lists.kamailio.org>
wrote:
corex: rpc command to print shm status report to file based on filter
How do we restrict this? I find it kind of scary that an external app can force kamailio
to write
to files in the file system.
- I want to be able to disable it in modparam
- I want to be able to restrict the directory Kamailio can write in
- I want to be able to restrict sizes
/O
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-leave(a)lists.kamailio.org
<mailto:sr-dev-leave@lists.kamailio.org>