[SERVER-75236] Disallow possibility for users to rename admin collections Created: 23/Mar/23  Updated: 13/Apr/23  Resolved: 13/Apr/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Pierlauro Sciarelli Assignee: Fausto Leyva (Inactive)
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Storage Execution
Operating System: ALL
Sprint: Execution Team 2023-04-17
Participants:
Linked BF Score: 10

 Description   

The validateNamespacesForRenameCollections function is called before a rename to validate the involved namespaces.

A fuzzer test successful issued a rename on the admin database, meaning that users can potentially do that. We should disallow renames on the admin db in order to prevent renaming internal system collections.



 Comments   
Comment by Pierlauro Sciarelli [ 13/Apr/23 ]

Thanks Fausto, SERVER-74679 indeed solved the issue on sharded clusters!

Comment by Fausto Leyva (Inactive) [ 13/Apr/23 ]

validateNamespacesForRenameCollection() should not disallow updates to adminDB (that should be handled in the security auth layer).

Generated at Thu Feb 08 06:29:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.