[SERVER-5279] Bypass auth check when logging "ClientCursor::yield can't unlock" message Created: 10/Mar/12  Updated: 03/Jan/18  Resolved: 21/Dec/12

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: 2.0.2
Fix Version/s: 2.3.2

Type: Improvement Priority: Minor - P4
Reporter: Richard Kreuter (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Participants:
Case:

 Description   

When auth is enabled, certain log operations aren't as informative as they might be. For example, the warning about not yielding because the recursive lock is held tries to get the current op's info, which is only available to threads authenticated to the admin db, so the warning message reports 'top:

{ err : "unauthorized" }

'.

So maybe log messages should make a practice of bypassing auth checks of this sort, so long as we're only sending log output to files and other things that only ops folks can get at.



 Comments   
Comment by auto [ 12/Dec/12 ]

Author:

{u'date': u'2012-12-11T22:59:40Z', u'email': u'spencer@10gen.com', u'name': u'Spencer T Brody'}

Message: SERVER-7572 SERVER-5279 Remove CurOp::info auth checking
Branch: master
https://github.com/mongodb/mongo/commit/986788c0f9a9ec9b61e83e7ea9c348e731ce3f97

Comment by Spencer Brody (Inactive) [ 09/Nov/12 ]

While fixing any single instance of this problem is pretty easy (can just put a GodScope block around any code gathering information to be passed to the LOG() function), I can't think of a good way to fix it in general for all log messages. This is because generally the information being used as part of the log message is gathered outside of any logging code and then passed into the LOG() function via the stream operator <<.

Generated at Thu Feb 08 03:08:25 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.