[SERVER-25963] shell should warn user if .dbshell history file is read/writeable by other users Created: 06/Sep/16  Updated: 08/Jan/24  Resolved: 12/Aug/19

Status: Closed
Project: Core Server
Component/s: Shell
Affects Version/s: 3.3.12
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Kevin Pulo Assignee: DO NOT USE - Backlog - Dev Tools
Resolution: Won't Fix Votes: 0
Labels: platforms-re-triaged
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-25335 0002 umask yields world-readable .dbs... Closed
Assigned Teams:
Developer Tools
Sprint: Platforms 2016-09-19, Platforms 2016-10-10, Platforms 2016-10-31
Participants:

 Description   

SERVER-25335 means that the shell will no longer create the .dbshell history file with overly broad permissions (readable/writable by group or other). However, this doesn't help users who already have a history file with overly broad permissions, and who are not aware of this problem.

The shell cannot explicitly chmod the history file, because that would potentially override the user's intentions in some cases (e.g. a history file that is deliberately readable by other members of an admin Unix group).

Thus the shell should output a single-line warning to the user if the permissions on the history file permit other users to read or write it. This is similar to how OpenSSH handles overly broad permissions on private key files (except that it will outright refuse to run, since broad permissions on private key material are never reasonable).

Note that this will require checking not just the permissions on the history file, but also on the home directory (and all ancestor directories). For example, a mode 0644 .dbshell file in a mode 0700 home directory should not issue the warning. Specifically, the warning requires:

  • the owner of the history file does not match the effective uid of the running shell, OR
    • the history file mode must match when ANDed against a mask of 0077, AND
    • all containing parent directories that have the same owner as the history file match against a mask of 0011, AND
    • all containing parent directories that have a different owner match against a mask of 0111.
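
The criteria above, worked through as an added example (this is illustrative Python written for this page, not code from the mongo shell, which is C++). The `Perm` record, the function names and the constructed uids and paths in the usage are all assumptions; the three masks and the same-owner/different-owner distinction are taken from the description. The pure function `history_file_warning` takes the owner and mode bits of the history file plus the list of its ancestor directories (nearest first, ending at `/`), so it can be exercised on constructed metadata; `check_history_file` applies it to a real path with `os.stat`.

```python
import os
import stat
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Masks from the issue description.
FILE_MASK = 0o077             # history file: any group/other permission bit
SAME_OWNER_DIR_MASK = 0o011   # dir owned by the file's owner: g+x or o+x lets other users traverse
OTHER_OWNER_DIR_MASK = 0o111  # dir owned by someone else: that owner (u+x) or anyone (g/o+x) can traverse


@dataclass(frozen=True)
class Perm:
    """Owner uid and permission bits of one path component (assumed record type for this example)."""
    uid: int
    mode: int  # permission bits only, e.g. 0o644


def history_file_warning(history: Perm, ancestors: List[Tuple[str, Perm]], euid: int) -> Optional[str]:
    """Return the one-line warning text if other users can reach the history file, else None.

    ancestors is ordered from the file's own directory up to the filesystem root.
    """
    if history.uid != euid:
        return "history file is owned by uid %d, not by the current user (uid %d)" % (history.uid, euid)
    if history.mode & FILE_MASK == 0:
        return None  # nothing granted to group/other on the file itself, e.g. 0600
    for path, d in ancestors:
        mask = SAME_OWNER_DIR_MASK if d.uid == history.uid else OTHER_OWNER_DIR_MASK
        if d.mode & mask == 0:
            return None  # this directory blocks traversal by everyone but the file's owner (e.g. 0700 $HOME)
    return "history file mode %04o permits access by group/other users" % history.mode


def ancestor_dirs(path: str) -> List[str]:
    """All directories containing path, nearest first, ending at the filesystem root."""
    dirs = []
    d = os.path.dirname(os.path.realpath(path))  # realpath so a symlinked history file is checked where it lives
    while True:
        dirs.append(d)
        parent = os.path.dirname(d)
        if parent == d:
            return dirs
        d = parent


def _perm_of(path: str) -> Perm:
    st = os.stat(path)
    return Perm(uid=st.st_uid, mode=stat.S_IMODE(st.st_mode))


def check_history_file(path: str, euid: Optional[int] = None) -> Optional[str]:
    """Apply the check to a real file on disk (wrapper around history_file_warning)."""
    if euid is None:
        euid = os.geteuid()
    ancestors = [(d, _perm_of(d)) for d in ancestor_dirs(path)]
    return history_file_warning(_perm_of(os.path.realpath(path)), ancestors, euid)


if __name__ == "__main__":
    # Constructed metadata for the example from the description: a 0644 file in a 0700 home directory.
    root_path = [("/home", Perm(0, 0o755)), ("/", Perm(0, 0o755))]
    print(history_file_warning(Perm(1000, 0o644), [("/home/alice", Perm(1000, 0o700))] + root_path, 1000))
    print(history_file_warning(Perm(1000, 0o644), [("/home/alice", Perm(1000, 0o755))] + root_path, 1000))
    # Real check against the current user's history file, if there is one.
    dbshell = os.path.expanduser("~/.dbshell")
    if os.path.exists(dbshell):
        warning = check_history_file(dbshell)
        if warning:
            print("Warning: " + warning)
```

Note that a same-owner directory with mode 0750 does not block the warning: the 0011 mask fires on the group execute bit, so a 0644 history file in a 0750 home directory is still reported as readable by the owner's group, which is the deliberate-admin-group case the description says the shell must not silently "fix" by chmod.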


 Comments   
Comment by Andrew Morrow (Inactive) [ 01/Nov/16 ]

kevin.pulo - I do not think this issue is serious enough to warrant inclusion in MongoDB 3.4 this late in the process. I'm kicking this out to 3.5. We can always evaluate it for backport to 3.4 when it is resolved.

Generated at Thu Feb 08 04:10:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.