Core Server / SERVER-55014

KillCursors operation is not audited in legacy mode console


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 5.0.0
    • None
    • None
    • None
    • Minor Change
    • ALL
    • Steps to reproduce:
      • Start mongod with auditing enabled
      • Prepare a table with some dummy data

          for (let i = 0; i < 100; i++) {
              assert.writeOK(db.audit.insert({ _id: i }));
          }
      

      • Connect to mongod using the console in legacy mode, such as:

      mongo 127.0.0.1:20000/admin --readMode=legacy --useLegacyWriteOps
      

      • Execute the following code:

          let query = db.audit.find().batchSize(1);
          query.next();
          query.close();
      

      • Observe that there is an event "atype=authCheck,command=find", followed by "atype=authCheck,command=endSessions". There is no "atype=authCheck,command=killCursors".
      • Wireshark does demonstrate that there indeed is a killCursors operation:

    • Security 2021-03-22


        People

          sergey.galtsev@mongodb.com Sergey Galtsev (Inactive)
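The check in the last two reproduction steps can be automated. This is an added example, not part of the ticket or of MongoDB's code. It assumes the audit destination is a JSON file with one event per line carrying `atype` and `param.command`; the sample lines and the function names are constructed for illustration.

```javascript
// Constructed sample (not real server output): the sequence the ticket reports
// for the legacy-mode session, where killCursors never reaches the audit log.
const SAMPLE_LEGACY = [
  '{"atype":"authCheck","param":{"command":"find","ns":"admin.audit"},"result":0}',
  '{"atype":"authCheck","param":{"command":"endSessions","ns":"admin"},"result":0}',
].join("\n");

// Constructed sample: the same session with the cursor kill audited.
const SAMPLE_AUDITED = [
  '{"atype":"authCheck","param":{"command":"find","ns":"admin.audit"},"result":0}',
  '{"atype":"authCheck","param":{"command":"killCursors","ns":"admin.audit"},"result":0}',
  '{"atype":"authCheck","param":{"command":"endSessions","ns":"admin"},"result":0}',
].join("\n");

// Extract the command name of every authCheck event, in log order.
function auditedCommands(logText) {
  const commands = [];
  for (const line of logText.split("\n")) {
    const trimmed = line.trim();
    if (!trimmed) continue;
    let event;
    try {
      event = JSON.parse(trimmed);
    } catch (err) {
      continue; // skip truncated or non-JSON lines instead of aborting the scan
    }
    if (event.atype === "authCheck" && event.param &&
        typeof event.param.command === "string") {
      commands.push(event.param.command);
    }
  }
  return commands;
}

// Return the expected commands that do not appear in the log in the given order.
function missingCommands(logText, expected) {
  const seen = auditedCommands(logText);
  const missing = [];
  let pos = 0;
  for (const cmd of expected) {
    const idx = seen.indexOf(cmd, pos);
    if (idx === -1) missing.push(cmd);
    else pos = idx + 1;
  }
  return missing;
}
```

Calling `missingCommands(logText, ["find", "killCursors", "endSessions"])` on the audit log captured during the reproduction returns the operations that ran on the wire but were never audited.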