mirror of https://github.com/zulip/zulip.git
a46f6df91e
Zulip writes a `rabbitmq.config` configuration file which locks down RabbitMQ to listen only on localhost:5672, as well as the RabbitMQ distribution port, on localhost:25672. The "distribution port" is part of Erlang's clustering configuration; while it is documented that the protocol is fundamentally insecure ([1], [2]) and can result in remote arbitrary execution of code, by default the RabbitMQ configuration on Debian and Ubuntu leaves it publicly accessible, with weak credentials. The configuration file that Zulip writes, while effective, is only written _after_ the package has been installed and the service started, which leaves the port exposed until RabbitMQ or system restart. Ensure that rabbitmq's `/etc/rabbitmq/rabbitmq.config` is written before rabbitmq is installed or starts, and that changes to that file trigger a restart of the service, such that the ports are only ever bound to localhost. This does not mitigate existing installs, since it does not force a rabbitmq restart. [1] https://www.erlang.org/doc/apps/erts/erl_dist_protocol.html [2] https://www.erlang.org/doc/reference_manual/distributed.html#distributed-erlang-system |
||
|---|---|---|
| .. | ||
| zulip | ||
| zulip_ops | ||
| deps.yaml | ||