[SERVER-47187] Add startup warning when SeIncreaseWorkingSetPrivilege not present Created: 30/Mar/20 Updated: 29/Oct/23 Resolved: 13/Apr/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.2.5, 4.0.17 |
| Fix Version/s: | 4.0.19, 4.2.8, 4.4.0-rc5, 4.7.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | John Murphy | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Backport Requested: |
v4.4, v4.2, v4.0
|
||||||||
| Sprint: | Security 2020-04-20 | ||||||||
| Participants: | |||||||||
| Case: | (copied to CRM) | ||||||||
| Description |
|
If the server is running a locked down configuration, mongod is denied the privilege grant and the following warning is logged to stdout only during startup:
The log message can be easily missed, and if encryption at rest is in use the following fassert() can be easily hit after 10's of databases are loaded:
It would be good to log a startup warning that the required privilege is not available for use, so that the Windows system configuration can be corrected. |
| Comments |
| Comment by Githook User [ 21/May/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 905011e695e1886d9fb733f71975a3affe5f4f85) |
| Comment by Githook User [ 20/May/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 905011e695e1886d9fb733f71975a3affe5f4f85) |
| Comment by Githook User [ 08/May/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 905011e695e1886d9fb733f71975a3affe5f4f85) |
| Comment by Githook User [ 10/Apr/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |