[arm-allstar] Update - V1.5rc5-11

Doug Crompton wa3dsp at gmail.com
Sat Nov 10 11:20:50 EST 2018


OK I knew this question would be asked. The change does not block you from
using *4 on your OWN nodes or nodes you have coordinated with. You simply
add the line to turn it on for the nodes they want control over. You or
anyone else have no business controlling someone else’s node that does not
allow you to do so. So the short answer is it works the same as before; you
just need to turn it on within your own node system and understand for now
the security risks of doing that. Anyone who knows your codes can do the
same thing you are doing with it on. In the past it has always been that
way and that is not a good thing.

An answer to this would be to use Supermon which has evolved into a secure
and very useful all in one place management tool for your nodes. I manage
13+ nodes here from one instance of Supermon. You can send DTMF, commands,
etc. to any of them using remote management. Features are constantly being
added. The manual is 20 pages and growing. Many larger hubs are using
Supermon which allows multiple sysops from widely different areas to
securely control a hub or network.

The past ability to reach out and control or disconnect a distant node
traversing several other nodes is basically over using *4 unless you have
direct control of those nodes. This is the only right thing to do and it
will make Allstar a more secure network.


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio*

On Sat, Nov 10, 2018 at 8:39 AM "Roger Coudé via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:

> Doug,
> I agree with you, but the side effect is that we cannot use iaxrpt to
> send commands to nodes anymore.
> That capability saved my life many times when I was on the road and used
> my phone to reboot a node, etc…
> Would it be possible to block *4 without blocking iaxrpt DTMF?
> 73
> Roger
>
>
> From: Doug Crompton via ARM-allstar <arm-allstar at hamvoip.org>
> To: ARM Allstar <arm-allstar at hamvoip.org>
> Cc: Doug Crompton <wa3dsp at gmail.com>
> Sent: Saturday, November 10, 2018 1:29
> Subject: [arm-allstar] Update - V1.5rc5-11
>
> A new update has been released. V1.5rc5-11 and V1.5.3-43 November 9, 2018.
> This is an important security update. Please use the ADMIN menu item 1 to
> update. This release has the following changes -
>
> Allstar has an often little known and used command *4 mapped to ilink,4
> which can be used to send DTMF commands to OTHER nodes just like you would
> to your own. The node you would control needs to be connected for the
> control to work.
>
> While this is in some cases a useful command it also has enormous security
> risks if used in a nefarious way. To eliminate this problem we have turned
> off this feature by default in the hamvoip code with this update. Users who
> need to use it can turn it on with this added command in the node stanza of
> each node requiring it in rpt.conf. Leaving the command out or setting it
> to 0 has the same effect of restricting its use. Few users will have a need
> to turn this on -
>
> remote_dtmf_allowed=1
>
> This command is only needed at the node you want to control and on any
> nodes in between if it is not a direct connect. It is not required on the
> source node unless you also want it to be controlled from somewhere else.
> Keep in mind that it is a general security issue to turn this on and you
> should only do so if it is needed. This is the classic "back door" which
> probably made sense when Allstar was a small group with trust between
> users. We will be introducing a pin number security feature for this in a
> future update which will make it more secure to leave it on.
>
> Minor change in astdb.php so current data will not be overwritten if
> incoming data is non-existent or corrupted.
>
> Changed the cop,61 and cop,62 commands to allow both a ':' and '=' in the
> command. This solves a problem when using an event statement to directly
> control FOB GPIO which previously required the '=' in the command. A
> statement like this is now permitted -
>
> [events]
> asterisk -rx "rpt cmd 1998 cop 62 GPIO1:1" = s|t|RPT_RXKEYED
>
> NOTE the : instead of = between the GPIO1 and value to set 1.
>
> Again more sanity checks in code areas that have rarely caused coredumps.
> Hamvoip Allstar has become significantly more stable over the years with
> these code changes to prevent situations that should not happen but when
> they do can cause coredumps. Coredumps happen when the code crashes but in
> almost all cases you will not even know it happened as Allstar immediately
> restarts. It is unlikely you will but if you ever see a coredump file in
> /var/lib/systemd/coredump let us know and pass the file on directly (not on
> this forum) so we can evaluate the problem and hopefully come up with a
> solution.
>
> Changed the AutoSky and weather.sh scripts so they pass local weather
> and alerts to Supermon. The Supermon updates to display this will be in the
> next release.
>
>
> *73 Doug*
>
> *WA3DSP*
>
> *http://www.crompton.com/hamradio*
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
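
A defender-side check for the setting described in the announcement, as an added example that is not part of the original messages or the hamvoip code: it lists which node stanzas in an rpt.conf have remote_dtmf_allowed turned on. It assumes node stanzas are the ones with purely numeric names; the sample config, its node numbers and its other keys are constructed.

```python
import re

# Constructed sample rpt.conf; node numbers and unrelated keys are made up.
SAMPLE_RPT_CONF = """\
[general]
; global settings
[1998]
rxchannel = SimpleUSB/usb_1998   ; trailing comment
remote_dtmf_allowed=1
[1999]
duplex=1
[2000]
remote_dtmf_allowed = 0
[2001]
remote_dtmf_allowed=yes
[functions]
4=ilink,4
"""

def audit_remote_dtmf(conf_text):
    """Map each numeric node stanza to 'enabled', 'disabled' or 'review'."""
    result = {}
    node = None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            name = header.group(1).strip()
            # Assumption: only all-digit stanza names are node stanzas.
            node = name if name.isdigit() else None
            if node:
                # Per the announcement, leaving the line out means off.
                result.setdefault(node, "disabled")
            continue
        if node and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            value = value.lstrip(">").strip()    # tolerate 'key => value'
            if key.lower() == "remote_dtmf_allowed":
                # The announcement defines only 1 (on) and 0 (off);
                # any other value is flagged for manual review.
                result[node] = {"1": "enabled", "0": "disabled"}.get(value, "review")
    return result

if __name__ == "__main__":
    for node_id, state in sorted(audit_remote_dtmf(SAMPLE_RPT_CONF).items()):
        print(node_id, state)
```

Run it against the text of each node's rpt.conf and confirm that every node reported as enabled is one you deliberately opened to remote DTMF control.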

