[SERVER-4276] prevent user access to index namespaces
Created: 14/Nov/11  Updated: 06/Dec/22  Resolved: 15/Nov/16

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Aaron Staple
Assignee: Backlog - Storage Execution Team
Resolution: Done
Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Duplicate
is duplicated by SERVER-4190 SEGFAULT doing query Closed
Related
related to SERVER-4440 replica never goes back to secondary ... Closed
Assigned Teams:
Storage Execution
Participants:

 Description   

The user is allowed to run operations on namespaces used to back btree indexes, for example test.foo.$id. These namespaces do not contain bson, yet mongod may attempt to read/write bson from/to them resulting in invalid bson errors and potentially memory corruption. We should prevent the user from accessing these namespaces directly.



 Comments   
Comment by auto [ 06/Dec/11 ]

Author: Aaron (astaple) <aaron@10gen.com>

Message: SERVER-4276 replication implementation specifies a client ns including $cmd for commands, causing buildbot failure when combined with the new namespace guard; going to disable the 'normal' namespace client guard pending clarification of desired behavior in the jira (there are some preexisting questions about correct behavior)
Branch: master
https://github.com/mongodb/mongo/commit/a70fbc392c3cc261d9e8c73bfa5cab6a321bf89e

Comment by Eliot Horowitz (Inactive) [ 04/Dec/11 ]

We need things like .stats() to work.

Also db.getCollection( "foo.$id" ).validate( { full : true } )

Comment by auto [ 04/Dec/11 ]

Author: Aaron (astaple) <aaron@10gen.com>

Message: SERVER-4276 update index namespace guard for new client context implementation
Branch: master
https://github.com/mongodb/mongo/commit/bd50d4591b1e6255ef7a4c397b9158f9ec9029c9

Comment by auto [ 04/Dec/11 ]

Author: Aaron (astaple) <aaron@10gen.com>

Message: SERVER-4276 error code
Branch: master
https://github.com/mongodb/mongo/commit/d1eab2cbc44ca0afbbc10dfcde2ca8322e76a33b

Comment by auto [ 04/Dec/11 ]

Author: Aaron (astaple) <aaron@10gen.com>

Message: SERVER-4276 prevent client access to index namespaces
Branch: master
https://github.com/mongodb/mongo/commit/1299e0cc56fe18d983091eec296ffc24cc1060ad

Comment by Aaron Staple [ 14/Nov/11 ]

This fix will also prevent mongodump from inappropriately accessing the index namespaces, which has been a problem (SERVER-4190).
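
A sketch of the kind of guard the description asks for, written as an added example and not taken from the MongoDB commits linked above: document reads and writes on an index namespace such as test.foo.$id are refused, while the $cmd namespace and the stats/validate operations mentioned in the comments stay usable. The `Op` enum, the function names and the name-only `.$` test are assumptions of this example.

```cpp
#include <iostream>
#include <string>

// Client operation kinds; names are constructed for this sketch.
enum class Op { Query, Insert, Update, Remove, Stats, Validate };

// Collection part of "<db>.<collection>", or "" when the name is malformed.
std::string collectionPart(const std::string& ns) {
    const auto dot = ns.find('.');
    if (dot == std::string::npos || dot == 0 || dot + 1 == ns.size()) return "";
    return ns.substr(dot + 1);
}

// Shape "<db>.<collection>.$<index>", e.g. "test.foo.$id".
// Assumption: a name-only test that fails closed on any other ".$" name;
// a server would consult its catalog instead.
bool isIndexNamespace(const std::string& ns) {
    return collectionPart(ns).find(".$") != std::string::npos;
}

// May a client operation of kind `op` touch `ns`?
bool clientMayAccess(const std::string& ns, Op op) {
    const std::string coll = collectionPart(ns);
    if (coll.empty()) return false;          // malformed namespace
    if (coll == "$cmd") return true;         // command namespace, not an index
    if (!isIndexNamespace(ns)) return true;  // ordinary collection
    // Index namespaces hold btree data, not BSON documents: refuse document
    // reads and writes, keep the metadata operations working.
    return op == Op::Stats || op == Op::Validate;
}

int main() {
    // Constructed sample requests.
    const struct { const char* ns; Op op; const char* label; } reqs[] = {
        {"test.foo", Op::Query, "query"},
        {"test.foo.$id", Op::Query, "query"},
        {"test.foo.$id", Op::Insert, "insert"},
        {"test.foo.$id", Op::Validate, "validate"},
        {"test.$cmd", Op::Query, "command"},
    };
    for (const auto& r : reqs)
        std::cout << r.label << " on " << r.ns << ": "
                  << (clientMayAccess(r.ns, r.op) ? "allow" : "deny") << "\n";
    return 0;
}
```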
