Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-28356

Disallow writes to oplog from all builtin roles

    • Type: Icon: Bug Bug
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • Server Security
    • ALL
    • Security 2018-10-08, Security 2018-10-22

      A normal user who has write access to the "local" database is currently not disallowed from writing arbitrary data to the oplog. We should discuss more stringent rules about when (if ever) to allow these kinds of arbitrary oplog writes.

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            william.schultz@mongodb.com Will Schultz
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: