|
Starting with a custom bind_ip, which does not resolve should not be permitted.
$ ./mongod ... --bind_ip=foo
|
...
|
[initandlisten] options: { net: { bindIp: "foo", http: { RESTInterfaceEnabled: true, enabled: true } },...
|
[initandlisten] getaddrinfo("foo") failed: nodename nor servname provided, or not known
|
[initandlisten] waiting for connections on port 27017
|
[websvr] getaddrinfo("foo") failed: nodename nor servname provided, or not known
|
[websvr] admin web console waiting for connections on port 28017
|
As you can see above, even though the bind_ip is specified, the server still listens on all addresses which could be a serious security or ops problem.
$ netstat -na | grep LIST
|
tcp4 0 0 *.28017 *.* LISTEN
|
tcp4 0 0 *.27017 *.* LISTEN
|
If there is any error resolving, or listening on any of the bind_ip (addresses) the server should fail to initialize just like if the port is already used or not allowed to be used for the user/process trying to listen on it.
Here are some examples of similar errors:
// IP specified not valid on the host
|
[initandlisten] listen(): bind() failed errno:49 Can't assign requested address for socket: 127.1.1.1:27017
|
[websvr] listen(): bind() failed errno:49 Can't assign requested address for socket: 127.1.1.1:28017
|
... shutdown
|
// Protected port specified
|
[initandlisten] listen(): bind() failed errno:13 Permission denied for socket: 0.0.0.0:80
|
... shutdown
|
Having a better, and consistent, error message for all these cases might be nice as well, but first and foremost, the system should be stable and secure.
|