Core Server / SERVER-64335

Impersonate transport session when auditing createIndex

    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels: None
    • Server Security
    • Security 2022-05-16, Security 2022-05-30, Security 2022-07-11, Security 2023-01-09, Security 2023-01-23, Security 2023-02-06, Security 2023-02-20, Security 2023-03-06, Security 2023-03-20, Security 2023-04-17, Security 2023-05-15, Security 2023-05-29, Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24, Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18

      Index creation happens outside of a client thread. That means the index builder thread needs to impersonate the client which started the job, so that audit events include the correct user and role names. However, we do not impersonate transport session information, so local and remote IP addresses are not available. We should impersonate the transport session.

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0
            Watchers:
            7

              Created:
              Updated: