Core Server / SERVER-12142

Add action type for test commands

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Minor - P4
    • None
    • Affects Version/s: 2.5.4
    • Component/s: Security
    • Labels:
    • Server Security
    • Fully Compatible

      There are a number of commands that need to be enabled at startup with enableTestCommands=1. We should implement authorization checks for the test commands.

      The purpose is to protect against:

      • unintentionally exposing these commands
      • someone maliciously enabling these commands

      The test commands are listed at http://docs.mongodb.org/manual/reference/command/nav-testing/

      After internal discussions, the suggested solution is to create a new action type for running test commands, and give it to the built-in role "root". No other roles should have this permission.
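
Until such an authorization check exists, the startup setting is the only gate on these commands, so it is worth auditing where it is switched on. The following is an added example, not part of the original issue or of MongoDB's code: it flags deployments whose mongod command line or config file sets `enableTestCommands`. It assumes the `--setParameter` option and a block-style YAML `setParameter:` section; the host names and inventory are constructed.

```python
import shlex

TRUTHY = {"1", "true"}  # assumption: values treated here as "enabled"

def is_on(name, value):
    # True when a name/value pair switches the test commands on.
    return name.strip() == "enableTestCommands" and value.strip().strip("'\"").lower() in TRUTHY

def enabled_in_argv(argv):
    # Handles both "--setParameter name=value" and "--setParameter=name=value".
    pairs = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "--setParameter"]
    pairs += [a.split("=", 1)[1] for a in argv if a.startswith("--setParameter=")]
    return any(is_on(*p.partition("=")[::2]) for p in pairs)

def enabled_in_yaml(text):
    # Minimal line parser for a block-style config; flow style ({...}) is not handled.
    in_block = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # a top-level key starts or ends the block
            in_block = line.strip() == "setParameter:"
        elif in_block and is_on(*line.strip().partition(":")[::2]):
            return True
    return False

def audit(hosts):
    # Map host name -> list of places where the test commands are enabled.
    findings = {}
    for name, (cmdline, conf) in hosts.items():
        where = [label for label, hit in (
            ("command line", enabled_in_argv(shlex.split(cmdline))),
            ("config file", enabled_in_yaml(conf))) if hit]
        if where:
            findings[name] = where
    return findings

# Constructed inventory: host -> (mongod command line, config file text)
SAMPLE = {
    "db-prod-1": ("mongod --config /etc/mongod.conf --auth", "net:\n  port: 27017\n"),
    "db-test-1": ("mongod --setParameter enableTestCommands=1", ""),
    "db-stage-1": ("mongod --config /etc/mongod.conf",
                   "setParameter:\n  enableTestCommands: true  # leftover\nnet:\n  port: 27017\n"),
    "db-prod-2": ("mongod --setParameter=enableTestCommands=0", "setParameter:\n  logLevel: 1\n"),
}

if __name__ == "__main__":
    for host, where in audit(SAMPLE).items():
        print(f"{host}: enableTestCommands set via {', '.join(where)}")
```
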

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0
            Watchers:
            7

              Created:
              Updated: