Details
-
Bug
-
Resolution: Won't Fix
-
Major - P3
-
None
-
2.7.2
-
Windows
-
Security 2019-07-29
Description
See src/mongo/db/auth/security_key.cpp for ifndef _WIN32 code that validates security permissions no security key. We should add similar code for Windows.
#if !defined(_WIN32)
|
// check permissions: must be X00, where X is >= 4
|
if ((stats.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
|
log() << "permissions on " << filename << " are too open" << endl;
|
return false;
|
}
|
#endif
|
Attachments
Issue Links
- is duplicated by
-
SERVER-14271 Validate PEM files are not world readable
-
- Closed
-