Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Duplicate
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
- neweng

Operating System:
ALL
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Today, we validate that the security key file is not world readable. We should add similar checks to the PEM key file, and other private secrets.

See src/mongo/db/auth/security_key.cpp for an example.

#if !defined(_WIN32)
        // check permissions: must be X00, where X is >= 4
        if ((stats.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
            log() << "permissions on " << filename << " are too open" << endl;
            return false;
        }
#endif

duplicates

SERVER-14272 Validate security key and PEM files has good security permissions on Windows

Closed

Assignee:: Unassigned

Reporter:: Mark Benvenuto

Participants:: Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: Jun 16 2014 06:57:10 PM UTC

Updated:: Dec 10 2014 11:06:06 PM UTC

Resolved:: Jul 24 2014 07:57:18 PM UTC