Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3666

mongod --auth must disable __system access

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker - P1
    • Resolution: Fixed
    • Affects Version/s: 1.9.2
    • Fix Version/s: 1.8.4, 2.0.0-rc0
    • Component/s: Security
    • Labels:
      None
    • Operating System:
      ALL

      Activity

      Hide
      auto auto (Inactive) added a comment -

      Author:

      {u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'}

      Message: don't allow access to internal user when running with --auth SERVER-3666
      Branch: master
      https://github.com/mongodb/mongo/commit/51493ee6425646f175718d8320f12550d8743f21

      Show
      auto auto (Inactive) added a comment - Author: {u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'} Message: don't allow access to internal user when running with --auth SERVER-3666 Branch: master https://github.com/mongodb/mongo/commit/51493ee6425646f175718d8320f12550d8743f21
      Hide
      kristina Kristina Chodorow (Inactive) added a comment -

      Credit: thanks to Frazer Lewis of NGS Secure, who discovered and informed us of this bug.

      Show
      kristina Kristina Chodorow (Inactive) added a comment - Credit: thanks to Frazer Lewis of NGS Secure, who discovered and informed us of this bug.
      Hide
      auto auto (Inactive) added a comment -

      Author:

      {u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'}

      Message: only allow internal user with --keyFile option SERVER-3666
      Branch: v1.8
      https://github.com/mongodb/mongo/commit/bc8b2ef3cc55a18274920ededbba6e18e99626e4

      Show
      auto auto (Inactive) added a comment - Author: {u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'} Message: only allow internal user with --keyFile option SERVER-3666 Branch: v1.8 https://github.com/mongodb/mongo/commit/bc8b2ef3cc55a18274920ededbba6e18e99626e4

        People

        • Assignee:
          kristina Kristina Chodorow (Inactive)
          Reporter:
          kristina Kristina Chodorow (Inactive)
          Participants:
          Last commenter:
          Ramon Fernandez
        • Votes:
          0 Vote for this issue
          Watchers:
          1 Start watching this issue

          Dates

          • Created:
            Updated:
            Resolved:
            Days since reply:
            3 years, 45 weeks, 2 days ago
            Date of 1st Reply: