Disable external process commands in remote (http)#1522
Open
anuchandy wants to merge 2 commits intomicrosoft:mainfrom
Open
Disable external process commands in remote (http)#1522anuchandy wants to merge 2 commits intomicrosoft:mainfrom
anuchandy wants to merge 2 commits intomicrosoft:mainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements a security enhancement to disable external process commands (specifically azqr) when the MCP server is running in HTTP mode with On-Behalf-Of authentication. This prevents security risks where spawned processes would execute under the server's host identity rather than the user's context.
Changes:
- Added
IsHttpOnBehalfOfMode()helper method toServiceStartOptionsto detect HTTP + OBO mode - Implemented conditional registration logic in
ExtensionSetupto excludeAzqrCommandin HTTP + OBO scenarios - Updated changelog to document the security enhancement
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| core/Azure.Mcp.Core/src/Areas/Server/Options/ServiceStartOptions.cs | Adds helper method to detect HTTP + On-Behalf-Of mode |
| tools/Azure.Mcp.Tools.Extension/src/ExtensionSetup.cs | Implements conditional registration to exclude azqr command in HTTP + OBO mode |
| servers/Azure.Mcp.Server/changelog-entries/1768876346795.yaml | Documents the security feature addition |
core/Microsoft.Mcp.Core/src/Areas/Server/Options/ServiceStartOptions.cs
Outdated
Show resolved
Hide resolved
vukelich
approved these changes
Jan 22, 2026
core/Microsoft.Mcp.Core/src/Areas/Server/Options/ServiceStartOptions.cs
Outdated
Show resolved
Hide resolved
core/Microsoft.Mcp.Core/src/Areas/Server/Options/ServiceStartOptions.cs
Outdated
Show resolved
Hide resolved
a1c8148 to
fb57052
Compare
fb57052 to
c6c5512
Compare
g2vinay
reviewed
Feb 26, 2026
g2vinay
approved these changes
Feb 26, 2026
anuchandy
commented
Feb 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
External process commands (like azqr) use
IExternalProcessServiceto spawn local processes. In remote (HTTP) mode, this is a security risk: processes run under the server's host identity (not the OBO user's context), and malicious requests could exhaust server resources.IsHttpMode()method toServiceStartOptionsAzqrCommandregistration inExtensionSetupFixes #1521
[Any additional context, screenshots, or information that helps reviewers]GitHub issue number?
[Link to the GitHub issue this PR addresses]Pre-merge Checklist
servers/Azure.Mcp.Server/CHANGELOG.mdand/orservers/Fabric.Mcp.Server/CHANGELOG.mdfor product changes (features, bug fixes, UI/UX, updated dependencies)servers/Azure.Mcp.Server/README.mdand/orservers/Fabric.Mcp.Server/README.mddocumentationeng/scripts/Process-PackageReadMe.ps1. See Package README/servers/Azure.Mcp.Server/docs/azmcp-commands.mdand/or/docs/fabric-commands.md.\eng\scripts\Update-AzCommandsMetadata.ps1to update tool metadata in azmcp-commands.md (required for CI)ToolDescriptionEvaluatorand obtained a score of0.4or more and a top 3 ranking for all related test promptsconsolidated-tools.json/servers/Azure.Mcp.Server/docs/e2eTestPrompts.mdcrypto mining, spam, data exfiltration, etc.)/azp run mcp - pullrequest - liveto run Live Test Pipeline