Merge pull request #10548 from SomberNight/202603_lockdown_rpcserver

in GUI mode, only start a limited minimal RPC server
2026-03-31 15:25:52 +00:00
parent 8942ceace8 726d3995f4
commit 09a09057f6
3 changed files with 30 additions and 10 deletions
@@ -132,6 +132,7 @@ from electrum.commands import get_parser, get_simple_parser, known_commands, Com
 from electrum import daemon
 from electrum.util import create_and_start_event_loop, UserFacingException, JsonRPCError
 from electrum.i18n import set_language
+from electrum import constants

 if TYPE_CHECKING:
    import threading
@@ -518,7 +519,9 @@ def handle_cmd(*, cmdname: str, config: 'SimpleConfig', config_options: dict):
        configure_logging(config)
        fd = daemon.get_file_descriptor(config)
        if fd is not None:
-            d = daemon.Daemon(config, fd, start_network=False)
+            # When running in GUI mode, only start a limited minimal RPC server, to limit attack surface.
+            only_minimal_jsonrpc = not constants.net.TESTNET
+            d = daemon.Daemon(config, fd, start_network=False, only_minimal_jsonrpc=only_minimal_jsonrpc)
            try:
                d.run_gui()
            except BaseException as e:
@@ -544,7 +547,7 @@ def handle_cmd(*, cmdname: str, config: 'SimpleConfig', config_options: dict):
        fd = daemon.get_file_descriptor(config)
        if fd is not None:
            # run daemon
-            d = daemon.Daemon(config, fd)
+            d = daemon.Daemon(config, fd, only_minimal_jsonrpc=False)
            d.run_daemon()
            sys_exit(0)
        else:
@@ -586,7 +589,7 @@ def handle_cmd(*, cmdname: str, config: 'SimpleConfig', config_options: dict):
            except Exception as e:
                _logger.exception("error running command (with daemon)")
                sys_exit(1)
-        else:
+        else:  # --offline
            if cmd.requires_network:
                print_msg("This command cannot be run offline")
                sys_exit(1)