[rabbitmq-discuss] rabbitmq-jsonrpc-channel on port 80

Matthew Sackman matthew at rabbitmq.com
Tue Jun 1 16:26:01 BST 2010


On Tue, Jun 01, 2010 at 08:20:07AM -0700, Donovan wrote:
> I understand the perils of running as root, but Apache manages to
> operate with port 80, maybe RabbitMQ's mochiweb part should be able
> too?

Yeah, I think at least one of the reasons behind AMQP default port of 5672
was to avoid such issues. Of course, once your broker starts running
embedded webservers, it's going to start causing pain.

Currently RabbitMQ lacks a "start up as root, open sockets and then drop
privileges". It's unlikely to gain one too - I'm not sure if it's
possible to do in Erlang anyway - I've certainly not seen any Erlang-ish
interfaces to the whole "change my privileges" APIs, and even if it was,
it's questionable if you'd want to do it - plugins should be treated as
much less thoroughly tested and thus less "safe" than the rest of the
broker anyway, and if they were basically able to do some execution as
root on booting of Rabbit, that would be quite alarming.

Yes, Apache/Postfix/Bind etc etc etc can do it, but they're doing that
for their major port - i.e. the port which those programs were designed
to be looking after anyway. The equiv would be us doing this for 5672,
were that required. I'm not aware of Apache/Postfix/Bind etc giving the
same treatment to untrusted plugins.

Certainly, I'd suggest iptables is your best bet for the time being.

Matthew
