[SERVER-39947] mongod/mongos socket should be world-accessible if server is listening on a TCP port Created: 04/Mar/19 Updated: 27/Oct/23 Resolved: 26/Mar/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Networking |
| Affects Version/s: | 4.1.8 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Oleg Pudeyev (Inactive) | Assignee: | Jonathan Reams |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Sprint: | Security 2019-03-25, Security 2019-04-08 |
| Participants: |
| Description |
|
By default, mongod/mongos creates its socket with 0700 permissions:
This means in order to use the server via the socket, if the server is running as its own user, one has to adjust socket permissions. The restrictive socket permissions add no security if mongod/mongos is also listening on a TCP port
|
| Comments |
| Comment by Jonathan Reams [ 26/Mar/19 ] |
|
Since mongod listens on an tcp port by default - in fact it's not easy to make mongod not listen on a tcp port - this request is, in effect, to change the default permissions back to being more permissive. Because strengthening our default permissions was requested externally, and has resulted in documentation changes, I don't think we should change it back. We have an easy configuration option to set the permissions of the socket to whatever a user needs and the most common deployment of mongod is to listen on TCP, so I think it makes sense to have the unix socket be more restrictive by default. |
| Comment by Oleg Pudeyev (Inactive) [ 04/Mar/19 ] |
|
Docs to adjust permissions: https://docs.mongodb.com/manual/reference/configuration-options/index.html#net.unixDomainSocket.filePermissions Given that the filePermissions setting exists, I would say a reasonable default for it would be 0666 if mongod/mongos is listening on a TCP socket, and 0600 otherwise. To my knowledge there is no reason to have execute bit set on sockets. |
| Comment by Danny Hatcher (Inactive) [ 04/Mar/19 ] |
|
In |