Pulse/cmd
rcourtman 026b9c5b77 security: add method-level authorization for privileged RPC methods
RELEASE BLOCKER FIX - Prevents containers from triggering host-level operations.

Added host-only method restrictions:
- RPCEnsureClusterKeys (SSH key distribution)
- RPCRegisterNodes (node registration)
- RPCRequestCleanup (cleanup operations)

Implementation:
- New privilegedMethods map defines host-only methods
- Request handler checks if method is privileged
- If privileged AND caller is from ID-mapped UID range (container), reject
- Host processes (real root, configured UIDs) can still call privileged methods
- Containers can still call get_temperature and get_status

Security impact:
- Prevents compromised containers from:
  • Triggering unwanted SSH key distribution to cluster nodes
  • Learning about cluster topology via forced registration
  • DOS attacks by repeatedly calling key distribution
  • Other host-level privileged operations

Without this fix, any container with root could call these methods after
authentication, undermining the security isolation between container and host.

Addresses high-severity finding #2 from security audit.
2025-10-19 16:31:50 +00:00
..
pulse Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
pulse-docker-agent feat: add docker agent command handling 2025-10-15 19:27:19 +00:00
pulse-sensor-proxy security: add method-level authorization for privileged RPC methods 2025-10-19 16:31:50 +00:00