Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-28356

Disallow writes to oplog from all builtin roles

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Security
    • Server Security
    • ALL
    • Security 2018-10-08, Security 2018-10-22

    Description

      A normal user who has write access to the "local" database is currently not disallowed from writing arbitrary data to the oplog. We should discuss more stringent rules about when (if ever) to allow these kinds of arbitrary oplog writes.

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            william.schultz@mongodb.com William Schultz (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: