highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-05-13 07:23:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge bitcoin/bitcoin#33196: docs: clarify RPC credentials security boundary

Browse Source 
938312d7a6 docs: clarify RPC credentials security boundary (crStiv)

Pull request description:

  Explicitly states that RPC credentials grant full administrative access to the node and filesystem resources accessible by bitcoind. Adds a new section in JSON-RPC-interface.md to address issue https://github.com/bitcoin/bitcoin/issues/32274 by documenting that providing RPC credentials to untrusted clients

  reopened #32424

  P.S. I've tried to somehow squash all the commits from the previous pr but accidentally closed the pr and had no idea how to return back, therefore created a new pr, I'm really sorry for the inconvenience

ACKs for top commit:
  achow101:
    ACK 938312d7a6
  janb84:
    re ACK 938312d7a6
  sedited:
    ACK 938312d7a6

Tree-SHA512: 54db0651cfe4a92d700d09c822db5cb68f60f17a4634eb8f132939294e7a0ca2aea15ddc4d581610976158f7546e9c4463cfe113de9500162a0f107e168833cd
This commit is contained in:
Ava Chow
2026-05-01 17:34:17 -07:00
parent 3c2646eacc 938312d7a6
commit 567ff2b6d6
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
doc/JSON-RPC-interface.md
View File

@@ -124,6 +124,22 @@ RPC interface will be abused.
security-sensitive operations on a computer whose other programs you
trust.
- **RPC Credentials Security Boundary:** Any client with valid RPC credentials
should be treated as having significant control over both the Bitcoin Core node
and the filesystem resources accessible by the `bitcoind` process. RPC commands
can load wallet files from paths that the `bitcoind` process has permission to
access, specify file paths for operations, and potentially gain broader access
than intended. This means that someone with RPC access can potentially compromise
not only the Bitcoin Core node, but also the machine it is running on. Bitcoin Core
provides the `-rpcwhitelist` option to restrict which RPC commands specific users
can access, and `-rpcwhitelistdefault` to control the default behavior for users
without explicit whitelists. However, when using multiple wallets or sharing access
with different users, these should not be considered robust security boundaries, as
users with access to certain commands may still be able to exploit functionality in
unexpected ways. For security-sensitive operations, implement proper system-level
isolation (containers, virtualization, separate user accounts with restricted
permissions) rather than relying solely on RPC access controls.
- **Securing remote network access:** You may optionally allow other
computers to remotely control Bitcoin Core by setting the `rpcallowip`
and `rpcbind` configuration parameters. These settings are only meant