Index: asterisk.8
===================================================================
--- asterisk.8 (revision 46328)
+++ asterisk.8 (working copy)
@@ -80,6 +80,9 @@
 Prompt user to intialize any encrypted private keys for IAX2 secure authentication during startup.
 .TP
+\fB-s\fR
+Disable '!' (bang) command for executing shell commands in the cli.
+.TP
 \fB-L \fIloadaverage\fB\fR
 Limits the maximum load average before rejecting new calls. This can be useful to prevent a system from being brought down by terminating
Index: doc/README.asterisk.conf
===================================================================
--- doc/README.asterisk.conf (revision 46328)
+++ doc/README.asterisk.conf (working copy)
@@ -62,6 +62,7 @@
 maxcalls = 255 ; The maximum number of concurrent calls you want to allow
 execincludes = yes | no ; Allow #exec entries in configuration files
 dontwarn = yes | no ; Don't over-inform the Asterisk sysadm, he's a guru
+noshell = yes | no ; Disable shell commands with '!' in the cli
 [files] ; Changing the following lines may compromise your security
Index: asterisk.c
===================================================================
--- asterisk.c (revision 46328)
+++ asterisk.c (working copy)
@@ -228,6 +228,7 @@
 char ast_config_AST_CTL_OWNER[AST_CONFIG_MAX_PATH] = "\0";
 char ast_config_AST_CTL_GROUP[AST_CONFIG_MAX_PATH] = "\0";
 char ast_config_AST_CTL[AST_CONFIG_MAX_PATH] = "asterisk.ctl";
+int ast_config_AST_NO_SHELL = 0;
 static char *_argv[256];
 static int shuttingdown = 0;
@@ -1000,11 +1001,14 @@
 ast_el_add_history(s);
 /* The real handler for bang */
 if (s[0] == '!') {
- if (s[1])
- ast_safe_system(s+1);
- else
- ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
- } else
+ if (!ast_config_AST_NO_SHELL) {
+ if (s[1])
+ ast_safe_system(s+1);
+ else
+ ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
+ } else
+ printf("Shell commands disabled\n");
+ } else
 ast_cli_command(STDOUT_FILENO, s);
 }
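Review bot: The new `ast_config_AST_NO_SHELL` flag is defined with external linkage next to the other `ast_config_AST_*` globals, yet nothing in this patch declares it in a header and every reader of it is in this file. Unless an `extern` is planned elsewhere, `static int ast_config_AST_NO_SHELL = 0;` keeps it out of the global namespace; if other modules are meant to consult it, add the declaration to whatever header exports the neighbouring `ast_config_AST_CTL*` names. Since the flag is raised from two different places (the config parser and the `-s` option), a one-line comment on the definition would help: `/* non-zero: refuse to run "!" shell commands from the console (asterisk.conf noshell, or -s) */`.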
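Review bot: The shell-dispatch logic (`if (s[1]) ast_safe_system(s+1); else ast_safe_system(getenv("SHELL") ...)` together with the new "disabled" branch) is now duplicated verbatim between this handler and the remote console handler in the next hunk, so any later change — logging a refused command, say — has to be made in two places. Factoring it into one file-scope helper leaves each handler with a single call and gives reviewers exactly one spot where the console can spawn a shell. Note the guard only covers `!` typed at the console; `ast_safe_system` presumably remains reachable through other paths (dialplan applications, `#exec` includes), so the README wording that limits `noshell` to the CLI is accurate and should stay that way. The enclosing handler starts before this hunk.
```c
/* Run a console "!" command through the shell unless shell access has
 * been disabled with noshell= in asterisk.conf or the -s option. */
static void console_bang(const char *s)
{
	if (ast_config_AST_NO_SHELL) {
		printf("Shell commands disabled\n");
		return;
	}
	if (s[1])
		ast_safe_system(s + 1);
	else
		ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
}

/* … unchanged: console handler up to the bang check … */
	if (s[0] == '!')
		console_bang(s);
	else
		ast_cli_command(STDOUT_FILENO, s);
```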
@@ -1017,10 +1021,13 @@
 ast_el_add_history(s);
 /* The real handler for bang */
 if (s[0] == '!') {
- if (s[1])
- ast_safe_system(s+1);
- else
- ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
+ if (!ast_config_AST_NO_SHELL) {
+ if (s[1])
+ ast_safe_system(s+1);
+ else
+ ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
+ } else
+ printf( "Shell commands disabled\n" );
 ret = 1;
 }
 if ((strncasecmp(s, "quit", 4) == 0 || strncasecmp(s, "exit", 4) == 0) &&
@@ -1992,6 +1999,11 @@
 } else if (!strcasecmp(v->name, "rungroup")) {
 ast_copy_string(ast_config_AST_RUN_GROUP, v->value, sizeof(ast_config_AST_RUN_GROUP));
 }
+ /* Disable shell commands in cli */
+ else if (!strcasecmp(v->name, "noshell")) {
+ if (!strcasecmp(v->value, "1") || !strcasecmp(v->value, "true") || !strcasecmp(v->value, "on") || !strcasecmp(v->value, "yes"))
+ ast_config_AST_NO_SHELL = 1;
+ }
 v = v->next;
 }
 ast_config_destroy(cfg);
@@ -2049,7 +2061,7 @@
 }
 */
 /* Check for options */
- while((c=getopt(argc, argv, "tThfdvVqprRgcinx:U:G:C:L:M:")) != -1) {
+ while((c=getopt(argc, argv, "tThfdvVqprRgcsinx:U:G:C:L:M:")) != -1) {
 switch(c) {
 case 'd':
 option_debug++;
@@ -2124,6 +2136,9 @@
 case 'G':
 rungroup = optarg;
 break;
+ case 's':
+ ast_config_AST_NO_SHELL = 1;
+ break;
 case '?':
 exit(1);
 }
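Review bot: If this second copy is the remote-console handler used by `asterisk -r`, the check runs in the client process, so `ast_config_AST_NO_SHELL` here reflects the connecting client's own asterisk.conf or `-s`, not the daemon's; a user who can run `asterisk -r` can point the client at another config with `-C`, and already holds a shell as that user anyway. That deserves a comment so nobody later reads `noshell` as a server-side access control: `/* NOTE: in the remote console this runs client-side; the noshell/-s setting of the connecting process is what applies */`. Separately, `printf( "Shell commands disabled\n" );` differs from `printf("Shell commands disabled\n");` in the sibling handler only in spacing; pick one form. The enclosing function starts before and continues past this hunk.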
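Review bot: The `noshell` parser only ever raises the flag — it accepts `1`/`true`/`on`/`yes` and silently ignores any other value — so `noshell = no` in asterisk.conf cannot re-enable the shell, and the config can never undo a `-s` given on the command line (or vice versa) whichever is processed last. If that "most restrictive setting wins" behaviour is deliberate, say so in README.asterisk.conf next to the new key; if not, use the file's usual boolean helper, `ast_config_AST_NO_SHELL = ast_true(v->value);`, assuming `ast_true()` is in scope here as it appears to be for the other boolean options (it also accepts spellings such as `y`/`t` that this check rejects). Either way, four `strcasecmp` calls on one line are hard to read and a helper call is shorter. The `while` loop over `v` starts before this hunk.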