|Summary:||ASTERISK-14122: [patch] SIP allowguest defaults to yes with 'make samples'|
|Reporter:||Alec Davis (alecdavis)||Labels:|
|Date Opened:||2009-05-13 17:20:30||Date Closed:||2011-12-12 11:42:40.000-0600|
|Environment:||Attachments:||( 0) 20091112__issue15101.diff.txt|
( 1) configs.diff.txt
|Description:||Proposal to change sip.conf.sample and extensions.conf.sample|
So that new a install has sip.conf has allowguest=no in the [general] section
and extensions.conf to have a warning in the [default] section that sip.conf may have allowguest=yes or the default of yes.
****** ADDITIONAL INFORMATION ******
Sure 'make install' has the following warning
" + YOU MUST READ THE SECURITY DOCUMENT +"
But that's during install, not when you or someone else is working with dialplan mods.
This proposed change will not affect existing installations, only new ones that actually run 'make samples'.
|Comments:||By: Alec Davis (alecdavis) 2009-05-15 00:40:51|
'make samples' can leave a system wide open for abuse should the unaware 'dialplan' coder change [default] context in extensions.conf to allow dial out.
By: Alec Davis (alecdavis) 2009-07-27 16:08:45
Are we not concerned regarding security, regarding phone system hacking.
Maybe only the 2nd part of the patch need be applied, as the 1st part will render a default test system unable to accept SIP test calls.
This patch does not affect installed systems, only new systems where <u>make samples</u> is run.
By: Michiel van Baak (mvanbaak) 2009-09-18 08:02:02
+1 from me.
By: Tilghman Lesher (tilghman) 2009-09-18 09:27:43
While I'm all for the warning in extensions.conf, I don't know that we should change the default in sip.conf. The sample config is intended to make it easy for people to connect phones to Asterisk, to get started. Any change that makes that more difficult needs a what-for moment before we consider it.
By: Alec Davis (alecdavis) 2009-09-20 21:46:31
I might agree that anyone using a prepackaged product to 'get started in 10 minutes' IE. AsteriskNow could have the 'easy start' option of allow guest to connect.
But anyone compiling and installing from source, and running 'make samples', probably has a fairer idea of what's required to get started.. Create an account in sip.conf.
After all, most linux distributions, straight out of the box have the firewall on.
'mysql' default won't allow inbound connections, you now have to comment out 'bind-address = *'
'lprng' default now requires 'lpd_listen_port=515' in /etc/lprng/lpd.conf if you want it to act as a network print server.
asterisk has moved on, it is now a viable corporate product, and as such, out of the box, it should not let guest users in.
By: Tilghman Lesher (tilghman) 2009-09-20 23:21:51
Out of the box, Apache doesn't allow one to access /etc/passwd, either, and Asterisk sample configurations don't allow you to make free outbound calls.
However, once the configuration has been altered, Apache will let you access /etc/passwd, firewalls will let you pass all data, mail servers will let spam pass, and MySQL will allow connections from anywhere.
We aren't responsible for what people might do with their Asterisk servers, only that the _default_ configuration is safe. Guest access is perfectly safe, as long as people don't _change_ the sample configuration to make it unsafe. A warning in the appropriate place is fine to ward that off.
If you want to change this, then you need to send an email to the asterisk-dev list, detailing your proposed change to the defaults, and an appropriate decision can be made by discussion. The bugtracker is never the proper forum for these discussions.
By: Leif Madsen (lmadsen) 2009-09-30 10:15:17
Closed, and 302 Redirect to the asterisk-dev mailing list for now.
By: Alec Davis (alecdavis) 2009-11-12 00:36:38.000-0600
Keeping open, for further reports.
By: Tilghman Lesher (tilghman) 2009-11-12 01:09:12.000-0600
Re-suspended. I have not seen where you have properly sent a NEW message to the asterisk-dev mailing list as a new thread, not a reply to an existing, unrelated thread (which is a good way to make sure the discussion gets buried). Try again on the asterisk-dev mailing list, please.
By: Tilghman Lesher (tilghman) 2009-11-12 14:54:13.000-0600
I think we've now come to an agreement on the asterisk-dev mailing list, in which we will change the name of the context to "public", to make it more obvious. Thank you for starting the discussion. I believe it has been rather productive.
By: Alec Davis (alecdavis) 2009-11-12 17:33:08.000-0600
Reading AST-2008-003, which IMO the fix implies that allowguest has to be enabled, to allow an unauthenticated call.
"A fix has been added which checks for the option 'allowguest' to be enabled before determining that authentication is not required"
please refer to http://downloads.asterisk.org/pub/security/AST-2008-003.pdf
By: Leif Madsen (lmadsen) 2009-11-13 08:50:40.000-0600
Based on that line I don't see the issue because by default it is enabled...
By: Alec Davis (alecdavis) 2009-11-16 16:29:33.000-0600
Feels better, for an unaware user.
I did wonder about the patch for "configs/manager.conf.sample", is it related.
By: Paul Belanger (pabelanger) 2010-06-16 10:01:55
Patches have been posted to reviewboard
By: Richard Mudgett (rmudgett) 2011-11-15 15:39:50.307-0600
asterisk-dev list discussion links: