[rabbitmq-discuss] Access Control for Dead Letter Exchanges?
Gotthard, Petr
Petr.Gotthard at Honeywell.com
Mon Jul 29 14:55:24 BST 2013
Does this mean I (being a evil hacker) can misuse this to publish a message to an exchange even though I don't have write permissions for that exchange?
Scenario:
There is an exchange X that is protected and I must not be able to publish to it.
I create a queue Q with a length limit "1" and x-dead-letter-exchange="X".
I create the evil message and publish it to the queue Q.
Then I publish a second message to this queue.
Since the queue limit has been reached, the evil message gets dead lettered to "X" with no permission check(?)
Didn't I just bypassed the ACL for "X"?
Petr
-----Original Message-----
From: Emile Joubert [mailto:emile at rabbitmq.com]
Sent: 29. července 2013 15:46
To: Discussions about RabbitMQ
Cc: Gotthard, Petr
Subject: Re: [rabbitmq-discuss] Access Control for Dead Letter Exchanges?
Hi,
On 29/07/13 13:47, Gotthard, Petr wrote:
> How does the access control work for publishing to dead letter
> exchanges? Is the write permission checked? For example, does the
> owner of the queue that defined a x-dead-letter-exchange have to have
> the write permission for this dead letter exchange?
Permissions of exchanges are only checked upon the initial publish before dead-lettering took place. The permissions don't get checked again after that. It is not possible to prevent dead-lettering on the basis of permissions.
> (I didn't find any documentation on this aspect.)
That's an oversight that will be corrected. Thanks for pointing it out.
-Emile
More information about the rabbitmq-discuss
mailing list