[SERVER-12142] Add action type for test commands
Created: 17/Dec/13
Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.4
Fix Version/s: None

Type: Improvement
Priority: Minor - P4
Reporter: Andreas Nilsson
Assignee: Backlog - Security Team
Resolution: Unresolved
Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Participants:

 Description   

There are a number of commands that need to be enabled at startup with enableTestCommands=1. We should implement authorization checks for the test commands.

The purpose is to protect against:

  • unintentionally exposing these commands
  • someone maliciously enabling these commands

The test commands are listed at http://docs.mongodb.org/manual/reference/command/nav-testing/

After internal discussions, the suggested solution is to create a new action type for running test commands, and give it to the built-in role "root". No other roles should have this permission.



 Comments   
Comment by Andreas Nilsson [ 07/Jan/14 ]

Closed the wrong issue

Generated at Thu Feb 08 03:27:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.