Changed the default for live_dangerously to no
authorDavid M. Lee <dlee@digium.com>
Tue, 17 Dec 2013 14:41:59 +0000 (14:41 +0000)
committerDavid M. Lee <dlee@digium.com>
Tue, 17 Dec 2013 14:41:59 +0000 (14:41 +0000)
........

Merged revisions 404006 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@404009 65c4cc65-6c06-0410-ace0-fbb531ad65f3

configs/asterisk.conf.sample
main/asterisk.c

index f7cda26..985c80c 100644 (file)
@@ -88,7 +88,7 @@ documentation_language = en_US        ; Set the language you want documentation
                                ; etc.) These functions (such as SHELL) are
                                ; considered dangerous because they can allow
                                ; privilege escalation.
-                               ; Default yes, for backward compatability.
+                               ; Default no
 
 ; Changing the following lines may compromise your security.
 ;[files]
index 3ed085d..d065095 100644 (file)
@@ -3332,8 +3332,8 @@ static void ast_readconfig(void)
                unsigned int dbdir:1;
                unsigned int keydir:1;
        } found = { 0, 0 };
-       /* Default to true for backward compatibility */
-       int live_dangerously = 1;
+       /* Default to false for security */
+       int live_dangerously = 0;
 
        /* Set default value */
        option_dtmfminduration = AST_MIN_DTMF_DURATION;