Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24177

db.printSlaveReplicationInfo requires much higher privileges than necessary

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: Security, Shell
    • None
    • Replication

      db.printSlaveReplicationInfo bases all output on the information obtained via replSetGetStatus (so this is the only privilege it should need) but requires local.system.* access privileges to actually complete.

      RE: https://github.com/mongodb/mongo/blob/r3.2.6/src/mongo/shell/db.js#L1024

      It appears a simple flight check verifies if the member it is run against is in a replica-set. It could just issue the replSetGetStatus command instead and determine action on the result rather than attempting to query a "system" namespace.

            Assignee:
            backlog-server-repl [DO NOT USE] Backlog - Replication Team
            Reporter:
            andrew.ryder@mongodb.com Andrew Ryder (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated: