Posted to dev@qpid.apache.org by "Chuck Rolke (JIRA)" <ji...@apache.org> on 2013/03/22 20:23:15 UTC

[jira] [Commented] (QPID-4631) C++ Broker interbroker links should be protected by ACL

    [ https://issues.apache.org/jira/browse/QPID-4631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13611102#comment-13611102 ] 

Chuck Rolke commented on QPID-4631:
-----------------------------------

Work on this issue is in qpid/branches/qpid-4631

The acl and broker code are complete and checked in 
http://svn.apache.org/viewvc?view=revision&revision=r1459822
This includes fixes for ha_tests(ha_test.py).

Code for self tests federation_tests and federation_sys_tests is in
http://svn.apache.org/viewvc?view=revision&revision=r1459854

Scanning the sources of cpp/src/tests, it looks like these files need some ACL help to make them work properly:
cli_tests.py
federated_topic_test
ipv6_test
sasl_fed
sasl_fed_ex
sasl_fed_ex_dynamic
sasl_fed_ex_link
sasl_fed_ex_queue
sasl_fed_ex_route
run_federation_tests.ps1
run_ha_tests
run_headers_federation_tests


                
> C++ Broker interbroker links should be protected by ACL
> -------------------------------------------------------
>
>                 Key: QPID-4631
>                 URL: https://issues.apache.org/jira/browse/QPID-4631
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.20
>            Reporter: Chuck Rolke
>            Assignee: Chuck Rolke
>
> This issue addresses CVE-2012-4446
> Federated interbroker links may be opened by client programs and not just by brokers. By default the creation of these links is not protected by any formal authorization.
> Users concerned about this issue may immediately lock their systems down by creating ACL rules that allow links to be created only by authorized users. For instance the following ACL rules on each broker would provide the lockdown necessary:
>   group proxies <id1> <id2> ...
>   acl allow    proxies create link
>   acl deny-log all     create link
> A better solution is for the ACL module to deny the creation of links unless ACL rules are specified to specifically allow them.
> In pseudo code the solution is in two parts. Part one observes CREATE LINK rules in the acl file. Part two authorizes link creation only if ACL is loaded, CREATE LINK ACL rules are specified, and the specific user is authorized to create the link in question:
> function readAclFile()
>   ...
>   if (CREATE LINK rules are specified)
>     set acl->createLinkFlag
>   endif
>   ...
> end function
> function brokerCreateLink()
>   if (aclLoaded)
>     if (acl->createLinkFlag)
>       if (acl->authorise(user, create, link, properties))
>         <create link allowed>
>       else
>         <create link denied - not authorized>
>       endif
>     else
>       <create link denied - acl did not specify a create link rule>
>     endif
>   else
>     <create link denied - acl module not loaded>
>   endif
> end function
> This Jira will track the implementation of this restriction.
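
The two-part, deny-by-default check from the pseudo code in the issue description, as an added C++ sketch that is not Qpid's own code. The `Acl` struct, `LinkDecision` enum, the first-match rule evaluation and the sample user ids are assumptions made for illustration; only `create link` rules are modelled.

```cpp
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>
enum class LinkDecision { Allowed, NotAuthorized, NoLinkRule, AclNotLoaded };

struct Acl {
    std::map<std::string, std::set<std::string>> groups;
    std::vector<std::pair<bool, std::string>> linkRules;  // (allow?, who)
    bool createLinkFlag = false;
    // Simplified matching (assumption): first matching rule wins, else deny.
    bool authoriseCreateLink(const std::string& user) const {
        for (const auto& r : linkRules) {
            auto g = groups.find(r.second);
            if (r.second == "all" || r.second == user || (g != groups.end() && g->second.count(user)))
                return r.first;
        }
        return false;
    }
};

// Part one: note whether the ACL text contains any "create link" rule.
Acl readAclFile(const std::string& text) {
    Acl acl;
    std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        std::istringstream words(line);
        std::vector<std::string> w;
        for (std::string t; words >> t;) w.push_back(t);
        if (w.size() >= 2 && w[0] == "group") {
            acl.groups[w[1]].insert(w.begin() + 2, w.end());
        } else if (w.size() >= 5 && w[0] == "acl" && w[3] == "create" && w[4] == "link") {
            acl.linkRules.emplace_back(w[1].rfind("allow", 0) == 0, w[2]);
            acl.createLinkFlag = true;
        }
    }
    return acl;
}

// Part two: deny unless ACL is loaded, has a link rule, and allows this user.
LinkDecision brokerCreateLink(const Acl* acl, const std::string& user) {
    if (!acl) return LinkDecision::AclNotLoaded;
    if (!acl->createLinkFlag) return LinkDecision::NoLinkRule;
    return acl->authoriseCreateLink(user) ? LinkDecision::Allowed : LinkDecision::NotAuthorized;
}
// Constructed sample, modelled on the lockdown rules quoted in the issue.
const char* const SAMPLE_ACL = "group proxies fed1@QPID fed2@QPID\n"
                               "acl allow    proxies create link\n"
                               "acl deny-log all     create link\n";
```

Passing a null `Acl` pointer stands in for a broker started without the ACL module; in this model an ACL file with no explicit `create link` rule, even one that allows everything else, still denies link creation.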
