Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14927

Bad bind_ip should fail, not listen on all addresses

    XMLWordPrintable

    Details

    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL

      Description

      Starting with a custom bind_ip, which does not resolve should not be permitted.

      $ ./mongod ... --bind_ip=foo
      ...
      [initandlisten] options: { net: { bindIp: "foo", http: { RESTInterfaceEnabled: true, enabled: true } },...
      [initandlisten] getaddrinfo("foo") failed: nodename nor servname provided, or not known
      [initandlisten] waiting for connections on port 27017
      [websvr] getaddrinfo("foo") failed: nodename nor servname provided, or not known
      [websvr] admin web console waiting for connections on port 28017

      As you can see above, even though the bind_ip is specified, the server still listens on all addresses which could be a serious security or ops problem.

      $ netstat -na | grep LIST
      tcp4       0      0  *.28017                *.*                    LISTEN     
      tcp4       0      0  *.27017                *.*                    LISTEN     

      If there is any error resolving, or listening on any of the bind_ip (addresses) the server should fail to initialize just like if the port is already used or not allowed to be used for the user/process trying to listen on it.

      Here are some examples of similar errors:

      // IP specified not valid on the host
      [initandlisten] listen(): bind() failed errno:49 Can't assign requested address for socket: 127.1.1.1:27017
      [websvr] listen(): bind() failed errno:49 Can't assign requested address for socket: 127.1.1.1:28017
      ... shutdown
      // Protected port specified
      [initandlisten] listen(): bind() failed errno:13 Permission denied for socket: 0.0.0.0:80
      ... shutdown

      Having a better, and consistent, error message for all these cases might be nice as well, but first and foremost, the system should be stable and secure.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              amalia.hawkins@10gen.com Amalia Hawkins
              Reporter:
              scotthernandez Scott Hernandez
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: