Index: doc/asterisk.8
===================================================================
--- doc/asterisk.8 (revision 46328)
+++ doc/asterisk.8 (working copy)
@@ -80,6 +80,9 @@
 Prompt user to initialize any encrypted private keys for IAX2 secure authentication during startup.
 .TP
+\fB-s\fR
+Disable '!' (bang) command for executing shell commands in the cli.
+.TP
 \fB-L \fIloadaverage\fB\fR
 Limits the maximum load average before rejecting new calls. This can be useful to prevent a system from being brought down by terminating
Index: main/asterisk.c
===================================================================
--- main/asterisk.c (revision 46328)
+++ main/asterisk.c (working copy)
@@ -219,6 +219,7 @@
 char ast_config_AST_CTL_GROUP[PATH_MAX] = "\0";
 char ast_config_AST_CTL[PATH_MAX] = "asterisk.ctl";
 char ast_config_AST_SYSTEM_NAME[20] = "";
+int ast_config_AST_NO_SHELL = 0;
 extern const char *ast_build_hostname;
 extern const char *ast_build_kernel;
@@ -1243,10 +1244,13 @@
 ast_el_add_history(s);
 /* The real handler for bang */
 if (s[0] == '!') {
- if (s[1])
- ast_safe_system(s+1);
- else
- ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
+ if (!ast_config_AST_NO_SHELL) {
+ if (s[1])
+ ast_safe_system(s+1);
+ else
+ ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
+ } else
+ printf("Shell commands disabled\n");
 } else
 ast_cli_command(STDOUT_FILENO, s);
 }
@@ -1260,10 +1264,13 @@
 ast_el_add_history(s);
 /* The real handler for bang */
 if (s[0] == '!') {
- if (s[1])
- ast_safe_system(s+1);
- else
- ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
+ if (!ast_config_AST_NO_SHELL) {
+ if (s[1])
+ ast_safe_system(s+1);
+ else
+ ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
+ } else
+ printf("Shell commands disabled\n");
 ret = 1;
 }
 if ((strncasecmp(s, "quit", 4) == 0 || strncasecmp(s, "exit", 4) == 0) &&
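Review bot: `ast_config_AST_NO_SHELL` is defined without a comment among the `ast_config_AST_*` path and name buffers, so neither its meaning nor its write discipline is visible at the definition. I would add `/*!< non-zero: '!' shell escape disabled; set by -s or noshell, never cleared */` on that line. No header change appears in this diff, so if no other translation unit reads the flag it could also be declared `static`.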
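Review bot: The `ast_config_AST_NO_SHELL` guard around the bang handler is added twice with identical text, here and in the hunk at -1260, so any later change to the policy has to be made in both places or the two console paths drift apart. I would move the guarded call into one static helper, sketched below under the proposed name `ast_console_bang`, and call it from both handlers. A refused `!` is also only printed to stdout; where the handler runs inside the daemon, an `ast_log(LOG_NOTICE, ...)` in the refusal branch would leave an audit trail of attempts. The enclosing function starts outside the hunk.

```c
/* Proposed helper: the single place that decides whether a '!' escape may run. */
static void ast_console_bang(const char *s)
{
	if (ast_config_AST_NO_SHELL) {
		printf("Shell commands disabled\n");
		return;
	}
	if (s[1])
		ast_safe_system(s + 1);
	else
		ast_safe_system(getenv("SHELL") ? getenv("SHELL") : "/bin/sh");
}

/* … unchanged: ast_el_add_history(s) … */
	if (s[0] == '!') {
		ast_console_bang(s);
	} else
		ast_cli_command(STDOUT_FILENO, s);
```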
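Review bot: This second handler sets `ret = 1` and then tests for quit/exit, which suggests it is the remote-console path; if so, the `!` command runs in the connecting console process and the flag is only ever evaluated there. A `-s` given to the daemon would then not bind a later remote console session, so the option is a convenience guard rather than an access control, and the permissions on the control socket (`ast_config_AST_CTL`, `ast_config_AST_CTL_GROUP`) remain the real boundary. I would state that in a comment above the check, e.g. `/* NOTE: checked in the console process itself; not enforced by the daemon for remote consoles */`, and in the man page entry. The enclosing function starts outside the hunk and continues past it.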
@@ -2320,6 +2327,10 @@
 ast_copy_string(ast_config_AST_SYSTEM_NAME, v->value, sizeof(ast_config_AST_SYSTEM_NAME));
 } else if (!strcasecmp(v->name, "languageprefix")) {
 ast_language_is_prefix = ast_true(v->value);
+ /* Disable shell commands */
+ } else if (!strcasecmp(v->name, "noshell")) {
+ if (!strcasecmp(v->value,"1") || !strcasecmp(v->value,"true") || !strcasecmp(v->value,"on") || !strcasecmp(v->value,"yes"))
+ ast_config_AST_NO_SHELL = 1;
 }
 }
 ast_config_destroy(cfg);
@@ -2370,7 +2381,7 @@
 if (getenv("HOME"))
 snprintf(filename, sizeof(filename), "%s/.asterisk_history", getenv("HOME"));
 /* Check for options */
- while ((c = getopt(argc, argv, "mtThfdvVqprRgciInx:U:G:C:L:M:")) != -1) {
+ while ((c = getopt(argc, argv, "mtThfdvVqprRgcsiInx:U:G:C:L:M:")) != -1) {
 switch (c) {
 #if HAVE_WORKING_FORK
 case 'F':
@@ -2452,6 +2463,9 @@
 case 'G':
 rungroup = optarg;
 break;
+ case 's':
+ ast_config_AST_NO_SHELL = 1;
+ break;
 case '?':
 exit(1);
 }
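Review bot: The `noshell` branch hand-rolls its truth test with four `strcasecmp` calls, while the `languageprefix` branch directly above uses `ast_true(v->value)`; any spelling the helper accepts but this list does not leaves the shell escape enabled without a warning, which is the unsafe direction for a hardening switch. I would write `if (ast_true(v->value)) ast_config_AST_NO_SHELL = 1;`, keeping the set-only form so a config value cannot clear a `-s` given on the command line. The `/* Disable shell commands */` comment also sits in the tail of the `languageprefix` branch and belongs after the `noshell` test. The if/else chain starts outside the hunk.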
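Review bot: The option string on the changed `getopt` line contains `f` but no `F`, yet the context just below shows `case 'F':` under `HAVE_WORKING_FORK`; as written getopt would report `-F` as unknown and the `'?'` case exits. Unless that is intended or handled elsewhere, this is the line to correct while it is being edited, e.g. `"mtThfFdvVqprRgcsiInx:U:G:C:L:M:"`. The switch body continues outside the hunk.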
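Review bot: `-s` is wired into getopt here and documented in the man page, but no hunk in this diff touches the usage text printed for `-h`; if that list is maintained by hand, the new hardening option will be missing from it. A line such as `printf("   -s              Disable console shell access\n");` next to the other options would keep the two in sync. The switch starts outside the hunk.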