Summary
The POST /policy/reload endpoint accepts unauthenticated requests from any local process. This allows a complete policy replacement without any bearer token, API key, or other credential check.
Impact
For a security-critical authorization sidecar, this is a significant attack surface. A compromised or malicious local process can:
- POST a permissive policy (e.g., allow-all) to
/policy/reload
- Immediately gain authorization for any action
- If delegation is enabled, obtain a mandate and execute arbitrary commands
This is especially concerning in shared-host or container environments where multiple processes share localhost.
Suggested Mitigations
- Require a bearer token or shared secret for
/policy/reload (consistent with how /v1/authorize can require one in local_idp mode)
- Alternatively, provide a config flag to disable hot-reload entirely (some deployments prefer restart-only policy changes)
- At minimum, document the risk so operators can make an informed decision
Our Workaround
We removed the route entirely from src/http/mod.rs before building. Policy changes require a sidecar restart, which is acceptable for our use case and eliminates the attack surface.
Summary
The
POST /policy/reloadendpoint accepts unauthenticated requests from any local process. This allows a complete policy replacement without any bearer token, API key, or other credential check.Impact
For a security-critical authorization sidecar, this is a significant attack surface. A compromised or malicious local process can:
/policy/reloadThis is especially concerning in shared-host or container environments where multiple processes share localhost.
Suggested Mitigations
/policy/reload(consistent with how/v1/authorizecan require one inlocal_idpmode)Our Workaround
We removed the route entirely from
src/http/mod.rsbefore building. Policy changes require a sidecar restart, which is acceptable for our use case and eliminates the attack surface.