[SERVER-14271] Validate PEM files are not world readable Created: 16/Jun/14  Updated: 10/Dec/14  Resolved: 24/Jul/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-14272 Validate security key and PEM files h... Closed
Operating System: ALL
Participants:

 Description   

Today, we validate that the security key file is not world readable. We should add similar checks to the PEM key file, and other private secrets.

See src/mongo/db/auth/security_key.cpp for an example.

#if !defined(_WIN32)
        // check permissions: must be X00, where X is >= 4
        if ((stats.st_mode & (S_IRWXG|S_IRWXO)) != 0) {
            log() << "permissions on " << filename << " are too open" << endl;
            return false;
        }
#endif
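
An added example, not MongoDB source code, showing how the same permission test could be applied to a PEM key file or any other private secret on POSIX systems. The names checkSecretFile, checkWithMode and SecretFileStatus are hypothetical, and the temp files under /tmp are constructed for the demonstration.

```cpp
// Added example, not MongoDB source; all names here are hypothetical. POSIX only.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

enum class SecretFileStatus { Ok, Unreadable, NotRegularFile, TooOpen };

// Open first and fstat() the descriptor, so the permissions examined belong to
// the file actually opened; a loader would go on to read from this descriptor.
SecretFileStatus checkSecretFile(const std::string& path) {
    int fd = ::open(path.c_str(), O_RDONLY | O_NONBLOCK);
    if (fd < 0) return SecretFileStatus::Unreadable;
    struct stat stats;
    int rc = ::fstat(fd, &stats);
    ::close(fd);
    if (rc != 0) return SecretFileStatus::Unreadable;
    if (!S_ISREG(stats.st_mode)) return SecretFileStatus::NotRegularFile;
    // Same test as the key file check: no group or other permission bits at all.
    if ((stats.st_mode & (S_IRWXG | S_IRWXO)) != 0) return SecretFileStatus::TooOpen;
    return SecretFileStatus::Ok;
}

// Demo helper: build a constructed temp file with the given mode, then check it.
SecretFileStatus checkWithMode(mode_t mode) {
    char path[] = "/tmp/pem_perm_demo_XXXXXX";
    int fd = ::mkstemp(path);
    if (fd < 0) return SecretFileStatus::Unreadable;
    ::fchmod(fd, mode);
    ::close(fd);
    SecretFileStatus status = checkSecretFile(path);
    ::unlink(path);
    return status;
}

int main() {
    const mode_t modes[] = {0600, 0400, 0640, 0644};
    for (mode_t m : modes) {
        bool ok = checkWithMode(m) == SecretFileStatus::Ok;
        std::printf("%04o -> %s\n", (unsigned)m, ok ? "accepted" : "rejected");
    }
    return 0;
}
```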

