[ https://issues.apache.org/jira/browse/QPID-4631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13639482#comment-13639482 ]

Alan Conway commented on QPID-4631:
-----------------------------------

What is the motivation for this change? Many applications (not least most of 
our tests) live on trusted networks and do not require security or need/want to 
be encumbered with security related config. We should not require an ACL file 
simply to use links or any other feature. I suggest we add the new requirements 
only if auth=yes. That makes them required by default (auth=yes) but easy to 
opt-out by setting auth=no.

                
> C++ Broker interbroker links should be protected by ACL
> -------------------------------------------------------
>
>                 Key: QPID-4631
>                 URL: https://issues.apache.org/jira/browse/QPID-4631
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.20
>            Reporter: Chuck Rolke
>            Assignee: Chuck Rolke
>
> This issue addresses CVE-2012-4446
> Federated interbroker links may be opened by client programs and not just by 
> brokers. By default the creation of these links is not protected by any formal 
> authorization.
> Users concerned about this issue may immediately lock their systems down by 
> creating ACL rules that allow links to be created only by authorized users. 
> For instance the following ACL rules on each broker would provide the 
> lockdown necessary:
>   group proxies <id1> <id2> ...
>   acl allow    proxies create link
>   acl deny-log all     create link
> A better solution is for the ACL module to deny the creation of links unless 
> ACL rules are specified to specifically allow them.
> In pseudo code the solution is in two parts. Part one observes CREATE LINK 
> rules in the acl file. Part two authorizes link creation only if ACL is 
> loaded, CREATE LINK ACL rules are specified, and the specific user is 
> authorized to create the link in question:
> function readAclFile()
>   ...
>   if (CREATE LINK rules are specified)
>     set acl->createLinkFlag
>   endif
>   ...
> end function
> function brokerCreateLink()
>   if (aclLoaded)
>     if (acl->createLinkFlag)
>       if (acl->authorise(user, create, link, properties))
>         <create link allowed>
>       else
>         <create link denied - not authorized>
>       endif
>     else
>       <create link denied - acl did not specify a create link rule>
>     endif
>   else
>     <create link denied - acl module not loaded>
>   endif
> end function
> This Jira will track the implementation of this restriction.
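
The two-part check from the quoted pseudocode, written out as an added example that is not part of the original message or of the Qpid code base. The type names (`Acl`, `Rule`, `LinkDecision`), the user ids, the first-match-wins rule order and the deny-on-no-match fallback are assumptions of this model; rule properties are not modelled.

```cpp
// Added illustration modelling the quoted pseudocode; not qpid's ACL code.
// Assumed: first matching rule wins, no match denies, rule properties are ignored.
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>
enum class LinkDecision { Allowed, DeniedNotAuthorized, DeniedNoLinkRule, DeniedNoAcl };
struct Rule { bool allow; std::string who; };
struct Acl {
    std::map<std::string, std::set<std::string>> groups;
    std::vector<Rule> createLinkRules;  // kept in file order
    bool createLinkFlag = false;
    // Part one: read the ACL text and record whether a CREATE LINK rule is present.
    static Acl read(const std::string& text) {
        Acl acl;
        std::istringstream in(text);
        for (std::string line; std::getline(in, line);) {
            std::istringstream words(line);
            std::string kw, a, b, c, d;
            if ((words >> kw) && kw == "group") {
                for (words >> a; words >> b;) acl.groups[a].insert(b);
            } else if (kw == "acl" && (words >> a >> b >> c >> d) && c == "create" && d == "link") {
                acl.createLinkRules.push_back({a == "allow", b});  // deny, deny-log: deny
                acl.createLinkFlag = true;
            }
        }
        return acl;
    }
    bool authorise(const std::string& user) const {
        for (const Rule& r : createLinkRules) {
            auto g = groups.find(r.who);
            if (r.who == "all" || r.who == user || (g != groups.end() && g->second.count(user)))
                return r.allow;
        }
        return false;
    }
};

// Part two: acl == nullptr models "ACL module not loaded".
LinkDecision brokerCreateLink(const Acl* acl, const std::string& user) {
    if (!acl) return LinkDecision::DeniedNoAcl;
    if (!acl->createLinkFlag) return LinkDecision::DeniedNoLinkRule;
    return acl->authorise(user) ? LinkDecision::Allowed : LinkDecision::DeniedNotAuthorized;
}
int main() {  // constructed input: the page's rules with made-up ids alice and bob
    Acl acl = Acl::read("group proxies alice bob\nacl allow proxies create link\nacl deny-log all create link\n");
    return brokerCreateLink(&acl, "mallory") == LinkDecision::DeniedNotAuthorized ? 0 : 1;
}
```

An ACL file with no `create link` rule yields `DeniedNoLinkRule` for every user, which is the case the comment above objects to for brokers on trusted networks.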
