Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Won't Fix
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 2.7.2
Component/s: Security
Labels:
- neweng
- platforms-re-triaged

Operating System:
Windows
Sprint:
Security 2019-07-29
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

See src/mongo/db/auth/security_key.cpp for ifndef _WIN32 code that validates security permissions no security key. We should add similar code for Windows.

#if !defined(_WIN32)
        // check permissions: must be X00, where X is >= 4
        if ((stats.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
            log() << "permissions on " << filename << " are too open" << endl;
            return false;
        }
#endif

is duplicated by

SERVER-14271 Validate PEM files are not world readable

Closed

Assignee:: Mark Benvenuto

Reporter:: Mark Benvenuto

Participants:: Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Jun 16 2014 06:59:50 PM UTC

Updated:: Jul 23 2019 03:11:14 PM UTC

Resolved:: Jul 23 2019 03:11:14 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates