Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.20
-
None
Description
This issue addresses CVE-2012-4446
Federated interbroker links may be opened by client programs and not just by brokers. By default the creation of these links is not protected any formal authorization.
Users concerned about this issue may immediately lock their systems down by creating ACL rules that allow links to be created only by authorized users. For instance the following ACL rules on each broker would provide the lockdown necessary:
group proxies <id1> <id2> ...
acl allow proxies create link
acl deny-log all create link
A better solution is for the ACL module to deny the creation of links unless ACL rules are specified to specifically allow them.
In pseudo code the solution is in two parts. Part one observes CREATE LINK rules in the acl file. Part two authorizes link creation only if ACL is loaded, CREATE LINK ACL rules are specified, and the specific user is authorized to create the link in question:
function readAclFile()
...
if (CREATE LINK rules are specified)
set acl->createLinkFlag
endif
...
end function
function brokerCreateLink()
if (aclLoaded)
if (acl->createLinkFlag)
if (acl->authorise(user, create, link, properties))
<create link allowed>
else
<create link denied - not authorized>
endif
else
<create link denied - acl did not specify a create link rule>
endif
else
<create link denied - acl module not loaded>
endif
end function
This Jira will track the implementation of this restriction.