[SERVER-47187] Add startup warning when SeIncreaseWorkingSetPrivilege not present - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 4.2.5, 4.0.17
Fix Version/s: 4.0.19, 4.2.8, 4.4.0-rc5, 4.7.0
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.4, v4.2, v4.0
Sprint:
Security 2020-04-20
Case:

Description

~~SERVER-23705~~ added code to enable the SeIncreaseWorkingSetPrivilege privilege for the mongod process on Windows.

If the server is running a locked down configuration, mongod is denied the privilege grant and the following warning is logged to stdout only during startup:

2020-03-26T16:03:35.664+1100 W -        [main] Failed to adjust token privilege for privilege 'SeIncreaseWorkingSetPrivilege'

The log message can be easily missed, and if encryption at rest is in use the following fassert() can be easily hit after 10's of databases are loaded:

2020-03-18T07:32:00.387+0800 F -        [conn301] Failed to SetProcessWorkingSetSizeEx: A required privilege is not held by the client.

2020-03-18T07:32:00.387+0800 F -        [conn301] Fatal Assertion 40286 at src\mongo\base\secure_allocator.cpp 154

It would be good to log a startup warning that the required privilege is not available for use, so that the Windows system configuration can be corrected.

Attachments

Activity

People

Assignee:: Mark Benvenuto

Reporter:: John Murphy

Participants:: Githook User, John Murphy, Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: Mar 30 2020 07:37:08 PM UTC

Updated:: Dec 10 2022 03:23:28 AM UTC

Resolved:: Apr 13 2020 04:05:17 PM UTC