Pulse/cmd/pulse-sensor-proxy
rcourtman 026b9c5b77 security: add method-level authorization for privileged RPC methods
RELEASE BLOCKER FIX - Prevents containers from triggering host-level operations.

Added host-only method restrictions:
- RPCEnsureClusterKeys (SSH key distribution)
- RPCRegisterNodes (node registration)
- RPCRequestCleanup (cleanup operations)

Implementation:
- New privilegedMethods map defines host-only methods
- Request handler checks if method is privileged
- If privileged AND caller is from ID-mapped UID range (container), reject
- Host processes (real root, configured UIDs) can still call privileged methods
- Containers can still call get_temperature and get_status

Security impact:
- Prevents compromised containers from:
  • Triggering unwanted SSH key distribution to cluster nodes
  • Learning about cluster topology via forced registration
  • DOS attacks by repeatedly calling key distribution
  • Other host-level privileged operations

Without this fix, any container with root could call these methods after
authentication, undermining the security isolation between container and host.

Addresses high-severity finding #2 from security audit.
2025-10-19 16:31:50 +00:00
..
auth.go Automate sensor proxy container mount and auth 2025-10-14 12:41:48 +00:00
auth_test.go Automate sensor proxy container mount and auth 2025-10-14 12:41:48 +00:00
cleanup.go feat: add comprehensive node cleanup system 2025-10-17 18:53:45 +00:00
config.go Automate sensor proxy container mount and auth 2025-10-14 12:41:48 +00:00
main.go security: add method-level authorization for privileged RPC methods 2025-10-19 16:31:50 +00:00
metrics.go refactor: Rename pulse-temp-proxy to pulse-sensor-proxy 2025-10-13 13:17:05 +00:00
ssh.go feat: add comprehensive node cleanup system 2025-10-17 18:53:45 +00:00
throttle.go refactor: Rename pulse-temp-proxy to pulse-sensor-proxy 2025-10-13 13:17:05 +00:00
validation.go security: fix SSH command injection vulnerabilities in pulse-sensor-proxy 2025-10-19 16:28:38 +00:00