Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13022

AF_UNIX socket file should not force a default mode of 0777.

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.7.2
    • Affects Version/s: None
    • Component/s: Networking, Security
    • None
    • Fully Compatible
    • ALL

      This allows users other than the user running the server to access the socket file by default. The mode should default to 0700 and potentially provide an options for users to modify the default.

                      if (chmod(me.getAddr().c_str(), 0777) == -1) {
                          error() << "couldn't chmod socket file " << me << errnoWithDescription() << endl;
                      }
       

      The current code does not even allow a user to create the socket file before the mongod/s process starts with appropriate permissions as the mongod/s always sets the permissions to 0777. This could allow an attacker to connect to the socket before the user can restrict the permissions.

            Assignee:
            david.hows David Hows
            Reporter:
            robert.j.moore@allanbank.com Robert Moore
            Votes:
            1 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: