prevent permission privilege escalation#7
Merged
https-richardy merged 14 commits (Mar 13, 2026)
Conversation
…namespace policy service
… to create a reserved permission
…vention when there is an attempt to create a reserved permission
…sure that reserved permissions cannot be created
…ons in the bootstrapper
…space policy service
… of attempting to create a reserved permission
…ks so that reserved permissions cannot be created, preventing privilege escalation.
…ions namespace policy service
…mmon.constants” namespace
…ng tests, correctly cleaning up resources
This pull request addresses a privilege escalation vulnerability in the permission management model.
Previously, realms were allowed to create permissions with arbitrary names. Since authorization checks rely on permission identifiers, a realm could create a permission using the same identifier as a system-reserved permission (for example, administrative permissions such as viewing or managing realms). By doing so, the realm could associate that permission with itself or with a user and gain access to protected endpoints.
This change introduces a protection mechanism that prevents realms from creating or renaming permissions whose identifiers belong to the system-reserved permission namespace. A dedicated permission namespace policy is now enforced to validate whether a permission name is allowed within the context of the current realm.
With this change in place, reserved system permissions remain controlled exclusively by the system authority, preventing namespace collisions and eliminating the possibility of privilege escalation through forged permission identifiers.
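The following is an added illustration of the kind of namespace policy described above; it is not code from this pull request or its project, and the reserved names (`realms.view`, `realms.manage`, the `system:` prefix), the `RealmContext` type and the `PermissionService` class are constructed for the example. It shows the two properties a reviewer would check for: the policy is applied on both the create and the rename path, and it compares identifiers in a normalized form so that a case or whitespace variant of a reserved name cannot slip through (assuming the authorization layer compares identifiers in that same normalized form).

```python
"""Permission namespace policy: reject realm-created permissions whose
identifier collides with the system-reserved namespace (added example)."""
from dataclasses import dataclass


class ReservedPermissionError(ValueError):
    """Raised when a realm tries to create or rename a permission into the
    reserved namespace."""


@dataclass(frozen=True)
class RealmContext:
    realm_id: str
    is_system_authority: bool = False  # only the system authority may own reserved names


class PermissionNamespacePolicy:
    """Decides whether a permission identifier is allowed for a given realm."""

    def __init__(self, reserved_names, reserved_prefixes=()):
        # Normalize once so a caller cannot slip past the check with a
        # case/whitespace variant of a reserved identifier (assumption: the
        # authorization layer compares identifiers in this same normalized form).
        self.reserved_names = frozenset(self.normalize(n) for n in reserved_names)
        self.reserved_prefixes = tuple(self.normalize(p) for p in reserved_prefixes)

    @staticmethod
    def normalize(name: str) -> str:
        return name.strip().lower()

    def is_reserved(self, name: str) -> bool:
        n = self.normalize(name)
        return n in self.reserved_names or n.startswith(self.reserved_prefixes)

    def validate(self, name: str, ctx: RealmContext) -> str:
        """Return the canonical identifier, or raise if the realm may not use it."""
        n = self.normalize(name)
        if not n:
            raise ValueError("permission name must not be empty")
        if self.is_reserved(n) and not ctx.is_system_authority:
            raise ReservedPermissionError(
                f"realm {ctx.realm_id!r} may not use reserved permission {name!r}")
        return n


class PermissionService:
    """Minimal create/rename service that enforces the policy on both paths."""

    def __init__(self, policy: PermissionNamespacePolicy):
        self._policy = policy
        self._store: dict[tuple[str, str], str] = {}  # (realm_id, name) -> description

    def create(self, ctx: RealmContext, name: str, description: str = "") -> str:
        canonical = self._policy.validate(name, ctx)
        key = (ctx.realm_id, canonical)
        if key in self._store:
            raise ValueError(f"permission {canonical!r} already exists in realm {ctx.realm_id!r}")
        self._store[key] = description
        return canonical

    def rename(self, ctx: RealmContext, old_name: str, new_name: str) -> str:
        # Renaming is a second way into the reserved namespace, so the new
        # name is validated exactly like a newly created one.
        old_key = (ctx.realm_id, self._policy.normalize(old_name))
        if old_key not in self._store:
            raise KeyError(f"no permission {old_name!r} in realm {ctx.realm_id!r}")
        canonical = self._policy.validate(new_name, ctx)
        self._store[(ctx.realm_id, canonical)] = self._store.pop(old_key)
        return canonical

    def names(self, realm_id: str) -> list[str]:
        return sorted(n for r, n in self._store if r == realm_id)


# Constructed reserved set for this example; the project's real reserved
# identifiers are not shown on the page.
DEFAULT_POLICY = PermissionNamespacePolicy(
    reserved_names={"realms.view", "realms.manage"},
    reserved_prefixes=("system:",),
)


def run_scenario() -> dict:
    """Exercise the policy from a tenant realm and from the system authority."""
    service = PermissionService(DEFAULT_POLICY)
    tenant = RealmContext("acme")
    system = RealmContext("system", is_system_authority=True)
    outcome = {}
    service.create(tenant, "orders.read")
    for attempt in ("realms.manage", " Realms.Manage ", "system:admin"):
        try:
            service.create(tenant, attempt)
            outcome[attempt] = "created"
        except ReservedPermissionError:
            outcome[attempt] = "rejected"
    try:
        service.rename(tenant, "orders.read", "realms.view")
        outcome["rename"] = "renamed"
    except ReservedPermissionError:
        outcome["rename"] = "rejected"
    outcome["system"] = service.create(system, "realms.manage")
    outcome["tenant_names"] = service.names("acme")
    return outcome


if __name__ == "__main__":
    print(run_scenario())
```

Running `run_scenario()` shows the tenant realm blocked on every reserved identifier, including the mixed-case variant and the rename, while the system authority can still register `realms.manage`; the tenant ends with only its own `orders.read`.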