Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.7.2
Affects Version/s: None
Component/s: Networking, Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL

This allows users other than the user running the server to access the socket file by default. The mode should default to 0700 and potentially provide an options for users to modify the default.

                if (chmod(me.getAddr().c_str(), 0777) == -1) {
                    error() << "couldn't chmod socket file " << me << errnoWithDescription() << endl;
                }

The current code does not even allow a user to create the socket file before the mongod/s process starts with appropriate permissions as the mongod/s always sets the permissions to 0777. This could allow an attacker to connect to the socket before the user can restrict the permissions.

is depended on by

SERVER-16086 Should not open the Unix Domain Socket if the chmod fails.

Closed

related to

SERVER-14110 Inconsistent handling of numerical base specifier in startup options

Closed

DOCS-5203 3.0 compatibility notes should mention change in socket perms from 777 to 700

Closed

SERVER-18000 Mongodb socket permissions

Closed

Assignee:: David Hows

Reporter:: Robert Moore

Participants:: Andy Schwerin, David Hows, Githook User, Robert Moore

Votes:: 1 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: Mar 04 2014 03:03:43 AM UTC

Updated:: Apr 12 2015 08:55:11 PM UTC

Resolved:: May 29 2014 12:58:12 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates