-
Type:
Bug
-
Resolution: Done
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Major Change
-
ALL
The reducer and finalizer functions both provide access to the Mongo constructor, in a way that enabled a malicious user to write to arbitrary databases on the shard server (and perhaps to perform arbitrary operations).
Coincidentally, the locking logic prevents this in the mapper, but it is not very futureproof.
A proposed solution is to restrict map reduce functions, where functions, etc. to a much narrower scope of operations.
I propose they be restricted to the following scope:
BinData DBRef Geo HexData ISODate MD5 MaxKey MinKey NumberInt NumberLong ObjectId Random Timestamp UUID argumentsToArray assert compare ?? compareOn ?? doassert emit friendlyEqual gc hex_md5 isNumber isObject isString print printjson printjsononeline sleep ?? tojson tojsonObject tojsononeline verify version
As opposed to today, where they have access to the following:
print version load gc DB DBCollection DBQuery ObjectId DBRef DBPointer BinData UUID MD5 HexData NumberLong NumberInt Timestamp MaxKey MinKey hex_md5 sleep benchRun benchRunSync benchStart benchFinish Mongo _jsTestOptions __quiet __magicNoPrint __callLastError _verboseShell chatty friendlyEqual printStackTrace setVerboseShell doassert assert verify argumentsToArray isString isNumber isObject _barFormat ISODate compare compareOn tojsononeline tojson tojsonObject shellPrint printjson printjsononeline TestData jsTestName jsTestFile jsTestPath jsTestOptions setJsTestOption jsTestLog jsTest replSetMemberStatePrompt shellPrintHelper shellAutocomplete shellHelper Map Random Geo rs help __lastres__ sh connect MR MapReduceResult _mongo db _funcs1 _funcs2 _map _funcs3 _reduce _funcs4 _finalize _doFinal emit args _emitCt _keyCt _dupCt _redCt _mrMap _funcs5 _funcs6 _funcs7 _funcs8 return ____db____
- duplicates
-
-
- Closed
-
- related to
-
-
- Closed
-
-
-
- Closed
-