[OpenSIPS-Users] Security related
Răzvan Crainea
razvan at opensips.org
Mon Nov 23 10:24:24 CET 2015
Hi, John!
1. No, it is not taken care by the module internally.
2. opensipsctl is run only locally, so I don't think you have to worry
about that. On the other side, mi_datagram communicates plain-text over
the internet, so I understand your worries. However, there's not that
much you can do on the application side. The only thing that I can think
of is to guide that traffic throug a VPN tunnel.
3. This depends on the command you are running. You can run opensips as
a non-priviledged user and still run exec, as long as that user has
execute rights on the script/binary you are executing.
Best regards,
Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com
On 11/23/2015 06:04 AM, John Nash wrote:
> I have couple of things i need your valuable inputs I have already seen
> some articles and slides but some questions remain...
>
> 1- AVP db queries do we need to escape parameters or its taken care of
> by module internally.
>
> 2- How can I secure opensipsctl and mi_datagram as that is gateway to my
> opensips.
>
> 3- I need to use exec module to run some opensipsctl commands, If I
> understand correctly, if i am running opensips as root someone can run
> any command on my box?...On the other hand if I run opensips on some non
> privileged user can I still run exec?
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list