[SERVER-4276] prevent user access to index namespaces Created: 14/Nov/11 Updated: 06/Dec/22 Resolved: 15/Nov/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Storage |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Aaron Staple | Assignee: | Backlog - Storage Execution Team |
| Resolution: | Done | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Assigned Teams: |
Storage Execution
|
||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
The user is allowed to run operations on namespaces used to back btree indexes, for example test.foo.$id. These namespaces do not contain bson, yet mongod may attempt to read/write bson from/to them resulting in invalid bson errors and potentially memory corruption. We should prevent the user from accessing these namespaces directly. |
| Comments |
| Comment by auto [ 06/Dec/11 ] |
|
Author: {u'login': u'astaple', u'name': u'Aaron', u'email': u'aaron@10gen.com'}Message: |
| Comment by Eliot Horowitz (Inactive) [ 04/Dec/11 ] |
|
We need things like .stats() to work. Also db.getCollection( "foo.$id" ).validate( { full : true }) |
| Comment by auto [ 04/Dec/11 ] |
|
Author: {u'login': u'astaple', u'name': u'Aaron', u'email': u'aaron@10gen.com'}Message: |
| Comment by auto [ 04/Dec/11 ] |
|
Author: {u'login': u'astaple', u'name': u'Aaron', u'email': u'aaron@10gen.com'}Message: |
| Comment by auto [ 04/Dec/11 ] |
|
Author: {u'login': u'astaple', u'name': u'Aaron', u'email': u'aaron@10gen.com'}Message: |
| Comment by Aaron Staple [ 14/Nov/11 ] |
|
This fix will also prevent mongodump from inappropriately accessing the index namespaces, which has been a problem |