rpc: we're not enforcing one tenant not talking gRPC to another tenant #95465
Assignees
Labels
A-multitenancy
Related to multi-tenancy
A-security
C-bug
Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.
T-multitenant
Issues owned by the multi-tenant virtual team
Comments
andreimatei
added
C-bug
|
fixed by #96152 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A tenant is supposed to only be able to make RPCs to servers from the same tenant, and to KV. But we're missing checks for the first part - as far as CRDB is concerned, I think one tenant can call into any other. In CC we have network-level protection against this.
I've briefly looked into adding the missing checks, but I failed to do something good with the current code structure. There's this code which deals with authenticating the caller, but as written it doesn't even return a tenant ID when the receiver is a tenant server, so the authorization code is inhibited.
cc @ajstorm
Jira issue: CRDB-23525
The text was updated successfully, but these errors were encountered: