[SERVER-8634] Make hidden _v8_function property read-only Created: 20/Feb/13  Updated: 11/Jul/16  Resolved: 20/Feb/13

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 2.4.0-rc0
Fix Version/s: 2.4.0-rc1

Type: Bug Priority: Major - P3
Reporter: Ben Becker Assignee: Ben Becker
Resolution: Done Votes: 0
Labels: javascript, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Steps To Reproduce:

db.eval('Mongo._v8_function = 0x31337; new Mongo();');

Participants:

 Description   

The non-enumerated _v8_function property can be overwritten with a user-supplied value, which will cause the process to crash when v8Callback() tries to access the property as an External type.

Should be trivial to fix by making the property read-only.



 Comments   
Comment by auto [ 20/Feb/13 ]

Author:

{u'date': u'2013-02-20T20:35:50Z', u'name': u'Ben Becker', u'email': u'ben.becker@10gen.com'}

Message: SERVER-8634: make _v8_function read-only
Branch: master
https://github.com/mongodb/mongo/commit/14ed13866d9b88f8cdf5d3456882197f7530798e

Generated at Thu Feb 08 03:17:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.