Access Control for Dead Letter Exchanges?

Gotthard, Petr

Hello,

 

How does the access control work for publishing to dead letter exchanges? Is the write permission checked? For example, does the owner of the queue that defined an x-dead-letter-exchange have to have the write permission for this dead letter exchange?

(I didn’t find any documentation on this aspect.)

Thanks,

Petr

 


_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
Re: Access Control for Dead Letter Exchanges?

Emile Joubert

Hi,

On 29/07/13 13:47, Gotthard, Petr wrote:
> How does the access control work for publishing to dead letter
> exchanges? Is the write permission checked? For example, does the owner
> of the queue that defined an x-dead-letter-exchange have to have the
> write permission for this dead letter exchange?

Permissions of exchanges are only checked upon the initial publish
before dead-lettering took place. The permissions don't get checked
again after that. It is not possible to prevent dead-lettering on the
basis of permissions.

> (I didn’t find any documentation on this aspect.)

That's an oversight that will be corrected. Thanks for pointing it out.





-Emile





Re: Access Control for Dead Letter Exchanges?

Gotthard, Petr

Does this mean I (being an evil hacker) can misuse this to publish a message to an exchange even though I don't have write permissions for that exchange?

Scenario:
There is an exchange X that is protected and I must not be able to publish to it.
I create a queue Q with a length limit "1" and x-dead-letter-exchange="X".
I create the evil message and publish it to the queue Q.
Then I publish a second message to this queue.
Since the queue limit has been reached, the evil message gets dead lettered to "X" with no permission check(?)

Didn't I just bypass the ACL for "X"?


Petr

-----Original Message-----
From: Emile Joubert [mailto:[hidden email]]
Sent: 29 July 2013 15:46
To: Discussions about RabbitMQ
Cc: Gotthard, Petr
Subject: Re: [rabbitmq-discuss] Access Control for Dead Letter Exchanges?


Hi,

On 29/07/13 13:47, Gotthard, Petr wrote:
> How does the access control work for publishing to dead letter
> exchanges? Is the write permission checked? For example, does the
> owner of the queue that defined an x-dead-letter-exchange have to have
> the write permission for this dead letter exchange?

Permissions of exchanges are only checked upon the initial publish before dead-lettering took place. The permissions don't get checked again after that. It is not possible to prevent dead-lettering on the basis of permissions.

> (I didn't find any documentation on this aspect.)

That's an oversight that will be corrected. Thanks for pointing it out.





-Emile





Re: Access Control for Dead Letter Exchanges?

Emile Joubert

Hi Petr,

On 29/07/13 14:55, Gotthard, Petr wrote:
> Does this mean I (being an evil hacker) can misuse this to publish a
> message to an exchange even though I don't have write permissions for
> that exchange?

Yes indeed. Thanks for alerting us to this problem. A fix will be
forthcoming shortly. The release notes will contain the tag '25686' when
this fix is released.



-Emile
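
A defender-side audit for the gap confirmed above, as an added example that is not part of the thread and not RabbitMQ's code: it reads data shaped like a management-plugin definitions export and lists every user who can configure a queue carrying x-dead-letter-exchange but has no write permission on that exchange. The sample data, the function names and the regex-matching rule are assumptions; a dead letter exchange set through a policy is not covered.

```python
import re

# Constructed sample in the shape of a definitions export (not real data).
DEFINITIONS = {
    "permissions": [
        {"user": "app", "vhost": "/", "configure": "^app\\.",
         "write": "^app\\.", "read": "^app\\."},
        {"user": "ops", "vhost": "/", "configure": ".*",
         "write": ".*", "read": ".*"},
    ],
    "queues": [
        {"name": "app.work", "vhost": "/",
         "arguments": {"x-dead-letter-exchange": "app.dlx"}},
        {"name": "app.q", "vhost": "/",
         "arguments": {"x-max-length": 1, "x-dead-letter-exchange": "X"}},
        {"name": "app.plain", "vhost": "/", "arguments": {}},
    ],
}


def allowed(pattern, name):
    # Assumption: permission patterns are matched unanchored against the
    # resource name, and an empty pattern grants access to nothing.
    return re.search(pattern or "^$", name) is not None


def audit_dlx(defs):
    """Return (vhost, queue, dlx, user) for each user who can configure a
    queue but cannot write to that queue's dead letter exchange."""
    findings = []
    for q in defs.get("queues", []):
        dlx = (q.get("arguments") or {}).get("x-dead-letter-exchange")
        if dlx is None:
            continue  # queue does not dead-letter via its arguments
        for p in defs.get("permissions", []):
            if p["vhost"] != q["vhost"]:
                continue  # permissions are scoped per vhost
            if allowed(p["configure"], q["name"]) and not allowed(p["write"], dlx):
                findings.append((q["vhost"], q["name"], dlx, p["user"]))
    return findings


if __name__ == "__main__":
    for vhost, queue, dlx, user in audit_dlx(DEFINITIONS):
        print(f"vhost={vhost} queue={queue} dlx={dlx}: "
              f"{user} can configure the queue but cannot write to the DLX")
```

Each finding is a queue whose dead-lettered messages reach an exchange that at least one user able to declare that queue could not publish to directly.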




