Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12142

Add action type for test commands

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor - P4 Minor - P4
    • None
    • 2.5.4
    • Security
    • Server Security
    • Fully Compatible

    Description

      There are a number of commands that need to be enabled at startup with enableTestCommands=1. We should implement authorization checks for the test commands.

      The purpose is to protect against

      • unintentionally exposing these commands
      • someone maliciously enabling these commands

      The test commands are listed at http://docs.mongodb.org/manual/reference/command/nav-testing/

      After internal discussions the suggested solution is to create a new action type for running test commands, and give it to the built-in role "root". No other roles should have this permission.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated: