RPC dispatch should restrict methods to those that are explicitly exposed
Bug #1194279 reported by Christopher Armstrong
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
oslo.messaging | Fix Released | Wishlist | Paul Vinciguerra |
Bug Description
The RPC dispatcher should not allow calling any method on RPC proxy objects. Even though the RPC mechanism is meant to be entirely internal on a secure transport, there should be a reasonable attempt at security to prevent exposing internal methods of service implementations.
The following document implicitly describes an "rpc.expose" decorator which is used to specify which methods should be exposed. This should be implemented and required for future versions of code that use Oslo RPC.
Changed in oslo:
status: New → Confirmed
Changed in oslo:
importance: Undecided → Wishlist
affects: oslo → oslo.messaging
Changed in oslo.messaging:
status: Confirmed → Triaged
Apart from the security concern, I think an expose decorator makes the code much more clear, so readers can easily determine which methods of an RPC proxy are public and which are implementation helpers.
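
The allow-list dispatch requested in this report, as an added sketch that is not part of the bug thread and is not oslo.messaging's own code. The names `expose`, `NotExposed`, `dispatch_any`, `dispatch_exposed` and `VolumeEndpoint` are hypothetical, and the endpoint state is constructed sample data.

```python
# Illustrative sketch only; every name below is hypothetical and none of it
# is an oslo.messaging API.

class NotExposed(Exception):
    """Raised when a caller names a method that is not an RPC entry point."""


def expose(func):
    """Mark a function as callable over RPC."""
    func._rpc_exposed = True
    return func


class VolumeEndpoint:
    def __init__(self):
        self._volumes = {"vol-1": "available"}  # constructed sample state

    @expose
    def get_status(self, volume_id):
        return self._volumes.get(volume_id, "unknown")

    def purge_all(self):
        # Implementation helper: public by Python naming, never meant for RPC.
        self._volumes.clear()
        return "purged"


def dispatch_any(endpoint, method, **kwargs):
    """Behaviour the report objects to: any attribute name is callable."""
    return getattr(endpoint, method)(**kwargs)


def dispatch_exposed(endpoint, method, **kwargs):
    """Allow-list dispatch: only functions marked with @expose are reachable."""
    # Resolve the name on the class, not the instance, so instance attributes
    # cannot shadow a method and data attributes are never invoked.
    func = getattr(type(endpoint), method, None)
    # Fail closed: missing names, non-callables, dunders and unmarked helpers
    # are all rejected before anything is called.
    if not callable(func) or getattr(func, "_rpc_exposed", False) is not True:
        raise NotExposed(method)
    return func(endpoint, **kwargs)
```

Because the marker lives on the function object, a subclass that overrides an exposed method without re-applying `@expose` is rejected, so exposure has to be restated wherever the method is redefined.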