| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ message integrity in the filesystem |
« View previous topic :: View next topic » |
| Author |
Message
|
| zpat |
 Posted: Tue Jun 22, 2010 1:47 am Post subject: MQ message integrity in the filesystem |
 |
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
WMQ 6, AIX 5
Someone has asked me if it might be possible for an intruder to modify a message stored on a queue by editing/updating the underlying queue file in the filesystem?
Does MQ have any message integrity checking, such as using a checksum to detect message modification, or corruption, on the file system?
I realise there are additional products that may help, but I am asking about the base product.
All the file permissions are mqm:mqm so I suppose standard AIX file security offers some protection. |
|
| Back to top |
|
 |
| bruce2359 |
| Posted: Tue Jun 22, 2010 5:29 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Quote: |
| Someone has asked me if it might be possible for an intruder to modify a message stored on a queue by editing/updating the underlying queue file in the filesystem? |
Intruder? Do you mean can someone granted read/write authority to write to the file system? Yes, it is possible. Isn't that what 'write' authorizes?
| Quote: |
| Does MQ have any message integrity checking, such as using a checksum to detect message modification, or corruption, on the file system? |
No.
| Quote: |
| All the file permissions are mqm:mqm so I suppose standard AIX file security offers some protection. |
File permissions prevent everyone else from damaging the mq file system.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| zpat |
| Posted: Tue Jun 22, 2010 5:45 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
The question seems to be if someone gets root could they modify a message in transit or inject messages?
Of course the answer is yes, root can do anything; but I wondered if MQ has any basic defences against tampering.
End to end message encryption or digital signatures would be one approach. SSL channels does not really help much since the messages are in clear text on the queues.
It's about how easy is it, rather than if it is theorectically possible. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Jun 22, 2010 5:48 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| bruce2359 wrote: |
| Quote: |
| Someone has asked me if it might be possible for an intruder to modify a message stored on a queue by editing/updating the underlying queue file in the filesystem? |
Intruder? Do you mean can someone granted read/write authority to write to the file system? Yes, it is possible. Isn't that what 'write' authorizes? |
But to the best of my knowledge, the format of data on the q file is undocumented.
| bruce2359 wrote: |
| Quote: |
| Does MQ have any message integrity checking, such as using a checksum to detect message modification, or corruption, on the file system? |
No. |
Again, AFAIK, the format of the data on the q file is undocumented. And experientially, I know that q files can become "damaged", and that this causes issues with the operation of the queue.
Does this mean that someone who knows what they're doing can't change the contents of the q file *without* damaging it?
No.
| bruce2359 wrote: |
| Quote: |
| All the file permissions are mqm:mqm so I suppose standard AIX file security offers some protection. |
File permissions prevent everyone else from damaging the mq file system. |
File permissions also in general prevent all kinds of other well known and accepted security issues - like people modifying the storage files of databases and people modifying the contents of email messages on the email server and and and and |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Jun 22, 2010 5:51 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
And, equally theoretical, someone with root (and therefore, the file system) could install, delete and modify applications, o/s components, dbm software, databases, tables.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Jun 22, 2010 6:00 am Post subject: Re: MQ message integrity in the filesystem |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| zpat wrote: |
| Does MQ have any message integrity checking, such as using a checksum to detect message modification, or corruption, on the file system? |
Not that I'm aware of, but such message insertion would require considerable skill to avoid corrupting the file & making it unusable. So an attack rather than an insertion.
| zpat wrote: |
| I realise there are additional products that may help, but I am asking about the base product. |
You could, at a stretch, call WMQ ESE a "base" product.... 
| zpat wrote: |
| All the file permissions are mqm:mqm so I suppose standard AIX file security offers some protection. |
Offers protection widely used by other applications to defend their data.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| ramires |
| Posted: Tue Jun 22, 2010 6:59 am Post subject: |
|
|
Knight
Joined: 24 Jun 2001
Posts: 523
Location: Portugal - Lisboa
|
Q file can be changed, if message length stays the same, it's possible to alter it.
You can do the test, write a persistent message to a q, like "Msg1" stop the qmgr, with an hex editor change to "Msg2", start the qmgr and read the changed message.
You have to use operating system permissions to prenvent Q file access. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Jun 22, 2010 1:42 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
There are multiple ways to tampering with messages, including reading it (destructively), modifying it and putting it back on the queue.
If you want a tamper-proof message, although still in clear text, it will have to carry a hex formatted info of it's signature. You can then test the content and the signature against a known key pair... If the signature does not match your message has been tampered with... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Jun 22, 2010 1:50 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
But it's not native to the product.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
