[SERVER-11928] Cannot downgrade from 2.5.x to 2.4.8 if there are unapplied entries for new-style users in the oplog prior to downgrade. Created: 03/Dec/13  Updated: 10/Dec/14  Resolved: 06/Mar/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.4.8
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Andy Schwerin Assignee: Unassigned
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-11881 addUser crashing 2.4 mongod in mixed ... Closed
Participants:

 Description   

Applying oplog entries creating or manipulating 2.6-style users will cause a fatal error in 2.4. If the secondaries are caught up past all user and role manipulations before the downgrade, they should be fine.

A solution may be to stop enforcing the form of user documents in 2.4, or to not enforce them during oplog application. This is risky because trivially malformed user documents in 2.4 can grant broad powers to users (i.e., misspelling "roles" as "roels" will lead to a 2.2-style read-write user).



 Comments   
Comment by Andy Schwerin [ 03/Dec/13 ]

dan@10gen.com, I'm not sure if this is worth implementing or not. A proper implementation might stop SERVER-11881 from being a crashing error.

Generated at Thu Feb 08 03:27:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.