rpc review: allowed_rpc_exception_modules configuration option

Bug #1031719 reported by Mark McLoughlin
This bug affects 2 people

Bug Description

RPC allows exceptions to be serialized and deserialized in call/multicall.

The JSON payload includes the module name and the name of the exception class. On the consumer side, we load that module and instantiate the class.

We have a whitelist of module names from which we will load exceptions. The idea here is to prevent the client from having the server load and execute arbitrary code.

Currently, this is configurable via the allowed_rpc_exception_modules configuration option. However, each project which uses the RPC API will potentially want to add modules to this whitelist. And, further, it's actually highly unlikely that users will want to configure this option.

So, it seems what we really want is an allowed_rpc_exception_modules property on a client class. But we don't have a client class. Perhaps add a client class and have a global instance? Or add a function for configuring _RPCIMPL?

For reference, the option was originally added here - https://github.com/openstack/nova/commit/a0150a4
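
The allowlist check described in the report, as an added example that is not code from nova, openstack-common or oslo.messaging: the module name is checked before anything is imported, and the loaded attribute must be an exception class. The payload keys (`module`, `class`, `message`), the `RemoteError` fallback and the function name are assumptions made for illustration.

```python
import importlib
import json


class RemoteError(Exception):
    """Generic stand-in raised when the named class may not be loaded."""

    def __init__(self, exc_type, value):
        super().__init__(f"Remote error: {exc_type} {value}")
        self.exc_type = exc_type
        self.value = value


def deserialize_remote_exception(payload, allowed_modules):
    """Rebuild an exception from a JSON failure payload.

    Assumed (hypothetical) payload keys: "module", "class", "message".
    """
    failure = json.loads(payload)
    module = failure.get("module")
    name = failure.get("class")
    message = str(failure.get("message", ""))

    # Check the allowlist BEFORE importing: importing a module runs its
    # top-level code, so the check must not come after import_module().
    if not isinstance(module, str) or not isinstance(name, str):
        return RemoteError(name, message)
    if module not in allowed_modules:
        return RemoteError(name, message)

    try:
        klass = getattr(importlib.import_module(module), name)
    except (ImportError, AttributeError):
        return RemoteError(name, message)

    # An allowed module can still export callables that are not exceptions.
    if not (isinstance(klass, type) and issubclass(klass, Exception)):
        return RemoteError(name, message)
    try:
        return klass(message)
    except Exception:  # constructor signature did not match
        return RemoteError(name, message)


# Constructed sample payloads, not captured traffic.
ALLOWED = ["builtins"]
OK = json.dumps({"module": "builtins", "class": "ValueError", "message": "bad id"})
BLOCKED = json.dumps({"module": "this", "class": "s", "message": "x"})
NOT_EXC = json.dumps({"module": "builtins", "class": "eval", "message": "1+1"})
```

Anything that fails a check comes back as the generic `RemoteError`, so the caller still sees a failure without the named module ever being loaded.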

Mark McLoughlin (markmc)
summary: - rpc review: allowed_rpc_exception_modules
+ rpc review: allowed_rpc_exception_modules configuration option
Mark McLoughlin (markmc)
Changed in openstack-common:
milestone: folsom-3 → none
Mark McLoughlin (markmc)
affects: openstack-common → oslo
Mark McLoughlin (markmc) wrote :

Supported now by allowed_remote_exmods in oslo.messaging

See http://docs.openstack.org/developer/oslo.messaging/transport.html

Changed in oslo:
status: Confirmed → Fix Released