[SERVER-4471] [SECURITY] MapReduce able to overwrite any collection in any db regardless of authentication

| Created: | 11/Dec/11 |
| Updated: | 11/Jul/16 |
| Resolved: | 22/Dec/11 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | MapReduce, Security |
| Affects Version/s: | 2.0.1 |
| Fix Version/s: | 2.1.0 |
| Type: | Bug |
| Priority: | Major - P3 |
| Reporter: | György Nagy |
| Assignee: | Antoine Girbal |
| Resolution: | Done |
| Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Attachments: | |
| Operating System: | ALL |
| Participants: | |

| Description |
use admin; use test; restart mongo with authentication. Now, with the next snippet you can wipe the admin db's importantCollection: ); , , In short: you run an M/R on a collection that you have access to, but the output is another db's collection that you have no rights to read or write.
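The report above boils down to an authorization check that looks only at the database the mapReduce command is issued against, while the `out` option can redirect the written results into any other database. The following is an added example, not code from the ticket or from the MongoDB server: it models that check in plain JavaScript, with the reported behaviour (command database only) beside a corrected check that also resolves the output target. The privilege model (one role per database, `read` or `readWrite`), the function names and the `unauthorized db:<name>` error text are assumptions chosen to mirror the server error quoted later in the comments.

```javascript
// Added example (not MongoDB's own code): a minimal model of per-database
// authorization for the mapReduce command. The privilege model (one role per
// database, "read" or "readWrite") and the "unauthorized db:<name>" error
// text are assumptions chosen to mirror the server error quoted in the ticket.

// Resolve the `out` option of a mapReduce command into the namespace that
// will be written. The accepted shapes are the documented ones: a
// collection-name string, { inline: 1 }, or
// { replace | merge | reduce: "coll", db: "otherDb" } where `db` is optional.
function resolveOutTarget(out, commandDb) {
  if (typeof out === 'string') {
    return { db: commandDb, coll: out, action: 'replace' };
  }
  if (out !== null && typeof out === 'object') {
    if (out.inline) {
      return null; // results are returned to the client; nothing is written
    }
    for (const action of ['replace', 'merge', 'reduce']) {
      if (typeof out[action] === 'string') {
        const db = typeof out.db === 'string' ? out.db : commandDb;
        return { db, coll: out[action], action };
      }
    }
  }
  throw new Error('invalid mapReduce out specification');
}

// The behaviour this ticket reports: only the database the command is issued
// against is checked, so an `out.db` pointing at another database is never
// examined and the caller can overwrite collections there.
function authorizeMapReduceCommandDbOnly(cmd, commandDb, privileges) {
  if (!privileges[commandDb]) {
    throw new Error(`unauthorized db:${commandDb}`);
  }
  return true;
}

// Corrected check: the caller needs at least read on the database holding the
// input collection and readWrite on whichever database the output lands in.
function authorizeMapReduce(cmd, commandDb, privileges) {
  if (!privileges[commandDb]) {
    throw new Error(`unauthorized db:${commandDb}`);
  }
  const target = resolveOutTarget(cmd.out, commandDb);
  if (target !== null && privileges[target.db] !== 'readWrite') {
    throw new Error(`unauthorized db:${target.db}`);
  }
  return true;
}

// Constructed scenario mirroring the report: a user who holds readWrite on
// `test` only, running map/reduce over test.events with the output redirected
// into admin.importantCollection.
const userPrivileges = { test: 'readWrite' };
const crossDbCommand = {
  mapreduce: 'events',
  map: 'function () { emit(this.k, 1); }',
  reduce: 'function (k, vals) { return vals.length; }',
  out: { replace: 'importantCollection', db: 'admin' },
};

// Run both checks and report the outcome of each: true, or the error message.
function runScenario(cmd = crossDbCommand, commandDb = 'test', privileges = userPrivileges) {
  const outcome = (check) => {
    try {
      return check(cmd, commandDb, privileges);
    } catch (e) {
      return e.message;
    }
  };
  return {
    commandDbOnly: outcome(authorizeMapReduceCommandDbOnly),
    hardened: outcome(authorizeMapReduce),
  };
}

console.log(runScenario());
// { commandDbOnly: true, hardened: 'unauthorized db:admin' }
```

The point of the contrast is where the namespace is resolved: the weak check never parses `out`, so the `db` field is invisible to it. Resolving the output target before authorizing, and requiring write privilege on that target's database, is what turns the cross-database write into the `unauthorized db:admin` refusal the maintainer's comments show once the fix was in place.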
| Comments |

| Comment by Antoine Girbal [ 22/Dec/11 ] |
was already fixed, added test

| Comment by auto [ 22/Dec/11 ] |
Author: {u'login': u'agirbal', u'name': u'agirbal', u'email': u'antoine@10gen.com'}
Message:

| Comment by Antoine Girbal [ 22/Dec/11 ] |
thanks for the example.
com.mongodb.CommandResult$CommandFailure: command failed [command failed [mapreduce] { "serverUsed" : "localhost:27017" , "errmsg" : "exception: unauthorized db:admin lock type:1 client:127.0.0.1" , "code" : 10057 , "ok" : 0.0} at com.mongodb.CommandResult.getException(CommandResult.java:75)
| Comment by György Nagy [ 18/Dec/11 ] |
Attaching my working example. I have a server that has 3 dbs: admin, stats and tuner_db. All dbs have a user and authentication is turned on. I hope this will be a better example than the previous one.

| Comment by Antoine Girbal [ 17/Dec/11 ] |
I cannot reproduce this with either 2.0.1 or master. command:
With 2.0.1: com.mongodb.MongoException: unauthorized db:admin lock type:-1 client:127.0.0.1
With master: com.mongodb.CommandResult$CommandFailure: command failed [command failed [mapreduce] { "serverUsed" : "localhost:27017" , "errmsg" : "exception: unauthorized db:admin lock type:1 client:127.0.0.1" , "code" : 10057 , "ok" : 0.0} at com.mongodb.CommandResult.getException(CommandResult.java:75)