-
Type: Bug
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Networking, Security
-
None
-
Fully Compatible
-
ALL
This allows users other than the user running the server to access the socket file by default. The mode should default to 0700 and potentially provide an options for users to modify the default.
if (chmod(me.getAddr().c_str(), 0777) == -1) { error() << "couldn't chmod socket file " << me << errnoWithDescription() << endl; }
The current code does not even allow a user to create the socket file before the mongod/s process starts with appropriate permissions as the mongod/s always sets the permissions to 0777. This could allow an attacker to connect to the socket before the user can restrict the permissions.
- is depended on by
-
SERVER-16086 Should not open the Unix Domain Socket if the chmod fails.
- Closed
- related to
-
SERVER-14110 Inconsistent handling of numerical base specifier in startup options
- Closed
-
SERVER-18000 Mongodb socket permissions
- Closed