[SERVER-38558] --encryptionKeyFile arguments requires the full path when using --fork Created: 12/Dec/18  Updated: 29/Oct/23  Resolved: 05/Apr/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 4.0.4
Fix Version/s: 4.1.10

Type: Bug Priority: Minor - P4
Reporter: David Schuppner Assignee: Jonathan Reams
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2018-12-11-18-16-52-131.png     Text File mongo_withOut_fork.log     Text File mongo_with_fork.log    
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

The following fails

vagrant@m040:~$ pwd
/home/vagrant
vagrant@m040:~$ mongod --dbpath ./M310-HW-2.5/r0 --logpath ./M310-HW-2.5/r0/mongo.log --port 31250 --replSet UNENCRYPTED --enableEncryption --encryptionKeyFile *.*/M310-HW-2.5/master_key *--fork*

 

The following succeeds

vagrant@m040:~$ pwd
/home/vagrant
vagrant@m040:~$ mongod --dbpath ./M310-HW-2.5/r0 --logpath ./M310-HW-2.5/r0/mongo.log --port 31250 --replSet UNENCRYPTED --enableEncryption --encryptionKeyFile ./M310-HW-2.5/master_key

This succeeds as well

vagrant@m040:~$ pwd
/home/vagrant
vagrant@m040:~$ mongod --dbpath ./M310-HW-2.5/r0 --logpath ./M310-HW-2.5/r0/mongo.log --port 31250 --replSet UNENCRYPTED --enableEncryption --encryptionKeyFile */home/vagrant*/M310-HW-2.5/master_key --fork

See attached logs

 

 

 

Sprint: Security 2019-04-08
Participants:

 Description   

The path to encryptionKeyFile option has to be a full/absolute path when using --fork option where as other options will resolve the relative paths when using the --fork option.

 

See attached logs

 

This is similar same issue but different parameter fixed in

https://jira.mongodb.org/browse/SERVER-8524

 

"it's because --fork changes the CWD. We are doing something special in the code to convert the relative paths for dbpath and logpath into absolute paths. We will have to do something similar for the SSL paths"

 

 

 



 Comments   
Comment by Githook User [ 05/Apr/19 ]

Author:

{'name': 'Jonathan Reams', 'username': 'jbreams', 'email': 'jbreams@mongodb.com'}

Message: SERVER-38558 Canonicalize key file path when storing options
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/9e7a9c297162a165100c2a78704e3167163fbf74

Comment by Ramon Fernandez Marina [ 13/Dec/18 ]

Thanks for the report and the detailed reproducer dschuppner, we've forwarded this to the Platform Team for scheduling.

Regards,
Ramón.

Generated at Thu Feb 08 04:49:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.