[BUG] Block external process commands (that spawn az, azd, etc.) from being invoked in remote mode #1521

@anuchandy

Describe the bug

External process commands (like azqr) use IExternalProcessService to spawn local processes. In HTTP + OBO mode, this is a security risk: processes run under the server's host identity (not the OBO user's context), and malicious requests could exhaust server resources.

Expected behavior

In HTTP + On-Behalf-Of mode, tools that spawn child processes should be disabled.

Actual behavior

Unbounded child processes can be spawned under the server's host identity.

Reproduction Steps

  1. Start the server in HTTP + OBO mode
  2. Invoke a tool that uses external processes (e.g., extension_azqr)
  3. Observe child processes spawning under the server's host identity

Environment

HTTP + OBO mode running anywhere
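
Added example, not part of the issue and not the project's code: one way to enforce the expected behavior in two layers, hiding process-spawning tools in HTTP + OBO mode and failing closed at the spawn point. All type and member names (`ServerMode`, `ToolInfo`, `IProcessRunner`, `RemoteModeProcessGuard`) are hypothetical stand-ins; `IProcessRunner` is a simplified substitute for the `IExternalProcessService` named above, whose real signature the issue does not show.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins: the server's real option and type names are not shown in the issue.
public enum Transport { Stdio, Http }
public enum AuthMode { HostIdentity, OnBehalfOf }
public sealed record ServerMode(Transport Kind, AuthMode Auth)
{
    // Callers are OBO users, but any child process would run as the server's host identity.
    public bool IsRemoteObo => Kind == Transport.Http && Auth == AuthMode.OnBehalfOf;
}
// Assumed metadata flag: a tool declares up front that it spawns a local process.
public sealed record ToolInfo(string Name, bool SpawnsLocalProcess);

public static class ToolRegistry
{
    // Layer 1: do not advertise process-spawning tools in HTTP + OBO mode.
    public static IReadOnlyList<ToolInfo> Visible(IEnumerable<ToolInfo> all, ServerMode mode) =>
        all.Where(t => !(mode.IsRemoteObo && t.SpawnsLocalProcess)).ToList();
}

public interface IProcessRunner { int Run(string fileName, string arguments); }

// Layer 2: fail closed at the spawn point, so a tool that lacks the flag still cannot spawn.
public sealed class RemoteModeProcessGuard : IProcessRunner
{
    private readonly IProcessRunner _inner;
    private readonly ServerMode _mode;
    public RemoteModeProcessGuard(IProcessRunner inner, ServerMode mode) => (_inner, _mode) = (inner, mode);

    public int Run(string fileName, string arguments)
    {
        if (_mode.IsRemoteObo)
            throw new InvalidOperationException($"Spawning '{fileName}' is disabled in HTTP + On-Behalf-Of mode.");
        return _inner.Run(fileName, arguments);
    }
}

public static class Demo
{
    private sealed class FakeRunner : IProcessRunner { public int Run(string f, string a) => 0; }
    public static void Main()
    {
        var mode = new ServerMode(Transport.Http, AuthMode.OnBehalfOf);
        // Constructed tool list; "example_read_only_tool" is a made-up name.
        var tools = new[] { new ToolInfo("extension_azqr", true), new ToolInfo("example_read_only_tool", false) };
        Console.WriteLine(string.Join(",", ToolRegistry.Visible(tools, mode).Select(t => t.Name)));
        try { new RemoteModeProcessGuard(new FakeRunner(), mode).Run("azqr", "scan"); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```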

Projects

Status

In Progress
