Description
Today, we validate that the security key file is not world readable. We should add similar checks to the PEM key file, and other private secrets.
See src/mongo/db/auth/security_key.cpp for an example.
#if !defined(_WIN32)
|
// check permissions: must be X00, where X is >= 4
|
if ((stats.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
|
log() << "permissions on " << filename << " are too open" << endl;
|
return false;
|
}
|
#endif
|
Attachments
Issue Links
- duplicates
-
SERVER-14272 Validate security key and PEM files has good security permissions on Windows
-
- Closed
-