[SERVER-29826] Prevent user writes to internal replication collections Created: 23/Jun/17 Updated: 06/Dec/22 Resolved: 15/Aug/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Matthew Russotto | Assignee: | Backlog - Replication Team |
| Resolution: | Duplicate | Votes: | 2 |
| Labels: | former-quick-wins, neweng | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Assigned Teams: |
Replication
|
||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||
| Backport Requested: |
v4.0, v3.6
|
||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||
| Linked BF Score: | 67 | ||||||||||||||||||||||||||||
| Description |
|
We should prevent CRUD writes, as well as renames, to at least:
and possibly others. |
| Comments |
| Comment by Siyuan Zhou [ 24/Jun/19 ] |
|
We should also prevent CRUD writes to local.system.replset and local.replset.election. |
| Comment by Spencer Brody (Inactive) [ 31/Jul/17 ] |
|
This should probably be done by leveraging the access control system. |
| Comment by Judah Schvimer [ 07/Jul/17 ] |
|
Beyond preventing renames, should we also prevent drops, arbitrary updates, inserts, or removes? |
| Comment by Crystal Horn [ 29/Jun/17 ] |
|
We should do this for all replication internal collections. |