docs: clarify RPC credentials security boundary #32424
pull: crStiv wants to merge 1 commit into bitcoin:master from crStiv:ishak, changing 1 file (+12 −0)
crStiv commented at 9:40 am on May 6, 2025: none
Explicitly states that RPC credentials grant full administrative access to the node and filesystem resources accessible by bitcoind. Adds a new section in JSON-RPC-interface.md to address issue #32274 by documenting that providing RPC credentials to untrusted clients
DrahtBot commented at 9:40 am on May 6, 2025: contributor
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
Code Coverage & Benchmarks
For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32424.
Reviews
See the guideline for information on the review process.
Type: Reviewers
ACK: janb84
Stale ACK: davidgumberg
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.
DrahtBot added the label Docs on May 6, 2025
in doc/JSON-RPC-interface.md:132 in ed862012f7 outdated
127+ node and any filesystem resources the bitcoind process can access. For example, 128+ clients can load wallet files from arbitrary paths that the bitcoind process 129+ has permission to access, specify custom file paths for operations, and perform 130+ any action available through the RPC interface. For these reasons, providing RPC 131+ credentials to untrusted clients is equivalent to giving them full control of 132+ the node and the same system privileges as the user running bitcoind. When
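Review bot: The closing claim on lines 130-132, that untrusted clients get "the same system privileges as the user running bitcoind", goes further than the examples on lines 127-130 support. Those examples describe loading wallet files and passing file paths that the bitcoind process has permission to access, which is filesystem reach through the RPC interface rather than general execution as that user. Either scope the sentence to what the examples show (for instance, access to any filesystem resource the bitcoind process can reach) or name the RPC behaviour that justifies the stronger statement. "specify custom file paths for operations" on line 129 is also vague; naming one such operation would make the example concrete for readers.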
janb84 commented at 6:23 pm on May 6, 2025:
the node and the same system privileges as the operating system user account running bitcoind. When
Small NIT, but fine to ignore
maflcko requested review from davidgumberg on May 6, 2025
davidgumberg commented at 6:41 pm on May 6, 2025: contributor
lgtm ACK https://github.com/bitcoin/bitcoin/pull/32424/commits/ed862012f747d4e5248f08ff25183dc666c3de6e
I opened #32274 because I wasn’t sure if this status quo is desirable or not, but I believe this documentation note reflects the present expectations for bitcoind RPC servers.
Update JSON-RPC-interface.md
Update doc/JSON-RPC-interface.md
Co-Authored-By: Jan B <608446+janb84@users.noreply.github.com>
crStiv force-pushed on May 6, 2025
github-metadata-mirror
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-05-08 12:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me