Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31901

Empty paths in config file should not be treated as relative path

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Internal Code
    • Server Security
    • Fully Compatible
    • Service arch 2020-10-05

    Description

      Some config options specify the path to a file. Some of these treat an empty value as a relative path, which causes the option value to be the current working directory. This is normally not useful or intentional, and is likely to result in a cryptic error message later when the code attempts to use (what it expects to be) a file. Instead, the empty option value should be detected directly, and a straightforward error message returned.

      For example, if the config file inadvertently contains:

      ...
      security:
          keyFile:
      ...
      

      Then this can result in the following misleading error message(s):

      $ mongod --config test.conf
      2017-11-10T14:16:12.547+1100 I ACCESS   [main] permissions on /home/kev are too open
      $ mkdir test
      $ cd test
      $ chmod 700 .
      $ mongod --config ~/test.conf
      2017-11-10T14:16:16.846+1100 I ACCESS   [main] error reading file: /home/kev/test
      

      These error messages are not particularly useful in figuring out that the problem is that security.keyFile is empty.

      The same is true with the command-line options:

      $ mongod --keyFile ""
      2017-11-10T14:17:26.763+1100 I ACCESS   [main] permissions on /home/kev are too open
      $ cd test
      $ mongod --keyFile ""
      2017-11-10T14:17:31.047+1100 I ACCESS   [main] error reading file: /home/kev/test
      

      The problem is that if keyFile has been set, then even if the value is an empty string, it still gets passed to boost::filesystem::absolute:

          if (params.count("security.keyFile")) {
              serverGlobalParams.keyFile =
                  boost::filesystem::absolute(params["security.keyFile"].as<string>()).generic_string();
              serverGlobalParams.authState = ServerGlobalParams::AuthState::kEnabled;
          }
      

      The value needs to be checked, and the user informed directly that an empty value is invalid, eg:

          if (params.count("security.keyFile")) {
              auto keyFile = params["security.keyFile"].as<string>();
              if (keyFile.empty()) {
                  return Status(ErrorCodes::BadValue, "--keyFile cannot be empty");
              }
              serverGlobalParams.keyFile = boost::filesystem::absolute(keyFile).generic_string();
              serverGlobalParams.authState = ServerGlobalParams::AuthState::kEnabled;
          }
      

      Other similarly affected config options:

      Attachments

        Activity

          People

            backlog-server-security Backlog - Security Team
            kevin.pulo@mongodb.com Kevin Pulo
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated: