[SERVER-25890] Prevent user-initiated writes to the system.views collection Created: 31/Aug/16 Updated: 06/Dec/22 Resolved: 25/Jan/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Write Ops |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Max Hirschhorn | Assignee: | Backlog - Storage Execution Team |
| Resolution: | Done | Votes: | 0 |
| Labels: | read-only-views | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Assigned Teams: |
Storage Execution
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Participants: | |||||||||||||
| Description |
|
Work was done in
It is worth mention that issues such as |
| Comments |
| Comment by Eric Milkie [ 25/Jan/17 ] |
|
Fuzzer is going to proceed with |
| Comment by Andy Schwerin [ 25/Jan/17 ] |
|
As originally conceived, the "root" role should have done this, but somebody gave "root" "restore" privileges, which might have removed the utility of that. However, you could create a user with the roles "readWriteAnyDatabase", "clusterAdmin", "dbAdminAnyDatabase" and "userAdminAnyDatabase" – and optionally "backup". |
| Comment by Max Hirschhorn [ 25/Jan/17 ] |
schwerin, are you proposing that we have the fuzzer always authenticate as a user that doesn't have permission to write to the system.views collection? Is there an easy way to express having all privileges on the cluster, databases, and collections, except for "insert" and "update" on {db: "", collection: "system.views"}? |
| Comment by Andy Schwerin [ 25/Jan/17 ] |
|
Does the fuzzer have auth on? I'd prefer that the access control system |
| Comment by Eric Milkie [ 25/Jan/17 ] |
|
We should reconsider doing something about this now that 3.4.0 is released. With the current behavior, the fuzzer is able to create invalid views that cause test failures, yet blacklisting this behavior in the fuzzer is something I'd like to avoid if possible. |