From 009d95c79a3a83816f01c67218bcb74a9bf2097e Mon Sep 17 00:00:00 2001
From: Kevin Harwell <kharwell@digium.com>
Date: Thu, 20 Nov 2014 16:30:23 +0000
Subject: [PATCH] AST-2014-018 - func_db: DB Dialplan function permission
 escalation via AMI.

The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.

Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.

ASTERISK-24534
Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)
........

Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428397 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 funcs/func_db.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/funcs/func_db.c b/funcs/func_db.c
index ebe58f02e3..b56fef9f5e 100644
--- a/funcs/func_db.c
+++ b/funcs/func_db.c
@@ -351,7 +351,7 @@ static int load_module(void)
 {
 	int res = 0;
 
-	res |= ast_custom_function_register(&db_function);
+	res |= ast_custom_function_register_escalating(&db_function, AST_CFE_BOTH);
 	res |= ast_custom_function_register(&db_exists_function);
 	res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ);
 	res |= ast_custom_function_register(&db_keys_function);
-- 
GitLab