Security issue disable shell ( ! ) break out

Hi

I need to find out how to disable the shell breakout from asterisk for version 1.4.39.1
asterisk -rvvvvv
== Binding voicemail to odbc/obelixx/voicemail_users
Connected to Asterisk 1.4.39.1 currently running on XXXXXXXXX (pid = 1683)
Verbosity is at least 15
XXXXXXXXX*CLI> !
[root@gfpreoas01 ~]#

Help much appreciated

Delete the code that initiates it and recompile. It may also be possible to block it by making the login under which rasterisk runs have some sort of restricted shell access.

Note that ! runs in the rasterisk (asterisk -r) process, not in the main asterisk one.

Note that blocking “!” doesn’t relieve you of the need to clear people who use the Asterisk level to the level of the account used to run Asterisk, as there are ways of using it to get commands run in the security context of the main asterisk process.

thnx for the feed back … I will go out and break things ! :smiley: