Open knz opened 3 years ago
We have marked this issue as stale because it has been inactive for 18 months. If this issue is still relevant, removing the stale label or adding a comment will keep it active. Otherwise, we'll close it in 10 days to keep the issue queue tidy. Thank you for your contribution to CockroachDB!
Identified by @bdarnell in this comment
Today, we have certain places in the code that directly call a Go RPC handler method inside the server package, without actually issuing an RPC call. This bypasses authentication and may thus bypass authorization.
We need to audit these calls to see what to do about them.
In an ideal world:
- none of the RPC handler methods should be usable from another package. This can be achieved by moving their implementation in a new sub-package server/internal
- internal logic should be equipped with adequate authorization barriers.
Jira issue: CRDB-8791
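The bypass described in this issue, modelled with the standard library only, as an added example that is not CockroachDB code and not part of the original post: authentication lives in an RPC-layer wrapper, so a direct in-process call to the handler never sees it unless the handler logic carries its own barrier. All names (`authInterceptor`, `drainUnguarded`, `drainGuarded`, the tokens) are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Hypothetical names throughout; a model of the pattern, not CockroachDB code.
type userKey struct{}
type handler func(ctx context.Context, nodeID int) (string, error)

var errUnauthenticated = errors.New("unauthenticated")
var errForbidden = errors.New("admin role required")

// authInterceptor stands in for the RPC-layer hook: it is the only place the
// caller is authenticated, and it runs only when a real RPC is issued.
func authInterceptor(next handler, token string) handler {
	return func(ctx context.Context, nodeID int) (string, error) {
		user, ok := map[string]string{"tok-admin": "admin", "tok-guest": "guest"}[token]
		if !ok {
			return "", errUnauthenticated
		}
		return next(context.WithValue(ctx, userKey{}, user), nodeID)
	}
}

// drainUnguarded relies entirely on the interceptor having run first.
func drainUnguarded(ctx context.Context, nodeID int) (string, error) {
	return fmt.Sprintf("node %d drained", nodeID), nil
}

// drainGuarded carries its own authorization barrier, so an in-process caller
// that skips the RPC layer is rejected instead of silently trusted.
func drainGuarded(ctx context.Context, nodeID int) (string, error) {
	switch user, _ := ctx.Value(userKey{}).(string); user {
	case "":
		return "", errUnauthenticated
	case "admin":
		return drainUnguarded(ctx, nodeID)
	}
	return "", errForbidden
}

func main() {
	_, e1 := drainUnguarded(context.Background(), 1) // direct call, no identity, succeeds
	_, e2 := drainGuarded(context.Background(), 1)   // direct call, rejected by the barrier
	_, e3 := authInterceptor(drainGuarded, "tok-admin")(context.Background(), 1)
	fmt.Println(e1, e2, e3)
}
```

An audit of direct handler calls is looking for the `drainUnguarded` shape: a method that is safe only because every caller is assumed to have come through the interceptor.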