[rabbitmq-discuss] Access Control for Dead Letter Exchanges?

Gotthard, Petr Petr.Gotthard at Honeywell.com
Mon Jul 29 14:55:24 BST 2013

Does this mean I (being a evil hacker) can misuse this to publish a message to an exchange even though I don't have write permissions for that exchange?

There is an exchange X that is protected and I must not be able to publish to it.
I create a queue Q with a length limit "1" and x-dead-letter-exchange="X".
I create the evil message and publish it to the queue Q.
Then I publish a second message to this queue.
Since the queue limit has been reached, the evil message gets dead lettered to "X" with no permission check(?)

Didn't I just bypassed the ACL for "X"?


-----Original Message-----
From: Emile Joubert [mailto:emile at rabbitmq.com] 
Sent: 29. července 2013 15:46
To: Discussions about RabbitMQ
Cc: Gotthard, Petr
Subject: Re: [rabbitmq-discuss] Access Control for Dead Letter Exchanges?


On 29/07/13 13:47, Gotthard, Petr wrote:
> How does the access control work for publishing to dead letter 
> exchanges? Is the write permission checked? For example, does the 
> owner of the queue that defined a x-dead-letter-exchange have to have 
> the write permission for this dead letter exchange?

Permissions of exchanges are only checked upon the initial publish before dead-lettering took place. The permissions don't get checked again after that. It is not possible to prevent dead-lettering on the basis of permissions.

> (I didn't find any documentation on this aspect.)

That's an oversight that will be corrected. Thanks for pointing it out.


More information about the rabbitmq-discuss mailing list