
server: audit the direct uses of RPC handler functions from other packages to check for missing authz #67938

@knz

Identified by @bdarnell in this comment

Today, we have certain places in the code that directly call a Go RPC handler method inside the server package, without actually issuing an RPC call. This bypasses authentication and may thus bypass authorization.

We need to audit these calls to see what to do about them.

In an ideal world:

  • None of the RPC handler methods should be usable from another package. This can be achieved by moving their implementation into a new sub-package server/internal.

  • Internal logic should be equipped with adequate authorization barriers.

Jira issue: CRDB-8791
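
The bypass described in this issue, as an added example that is not part of the original issue and is not CockroachDB code: a check that lives only on the RPC path is skipped by an in-process call to the handler, while a barrier inside the handler logic holds for every caller. All identifiers (`WithUser`, `ServeRPC`, `Drain`, `DrainChecked`) are hypothetical, and the "admin" rule is an assumed policy.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// All identifiers are hypothetical; none of this is CockroachDB code.
type userKey struct{}
var ErrDenied = errors.New("permission denied")

// WithUser models an authenticating interceptor attaching the verified caller.
func WithUser(ctx context.Context, user string) context.Context {
	return context.WithValue(ctx, userKey{}, user)
}

// isAdmin fails closed: a context with no identity is not admin.
func isAdmin(ctx context.Context) bool {
	u, _ := ctx.Value(userKey{}).(string)
	return u == "admin"
}

// ServeRPC models the network path: the check runs before the handler.
func ServeRPC(ctx context.Context, h func(context.Context) (string, error)) (string, error) {
	if !isAdmin(ctx) {
		return "", ErrDenied
	}
	return h(ctx)
}

// Drain relies on ServeRPC for its check; a direct call skips it.
func Drain(ctx context.Context) (string, error) { return "drained", nil }

// DrainChecked carries its own barrier, so in-process callers cannot skip it.
func DrainChecked(ctx context.Context) (string, error) {
	if !isAdmin(ctx) {
		return "", ErrDenied
	}
	return Drain(ctx)
}

func main() {
	ctx := WithUser(context.Background(), "guest") // constructed non-admin caller
	_, viaRPC := ServeRPC(ctx, Drain)
	direct, _ := Drain(ctx)
	_, checked := DrainChecked(ctx)
	fmt.Println(viaRPC, "|", direct, "|", checked)
}
```

In an audit, each call site that looks like the direct `Drain(ctx)` call is the pattern to find; moving the unchecked function under an `internal` package, as the issue proposes, makes such calls from other packages a compile error.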

Labels: A-authentication (Pertains to authn subsystems), A-security, A-server-architecture (Relates to the internal APIs and src org for server code), C-bug (Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.), T-server-and-security (DB Server & Security)
