<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:31:03 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-13232] resetDbpath() ignores authentication</title>
                <link>https://jira.mongodb.org/browse/SERVER-13232</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;resetDbpath(&apos;/path&apos;) seems to be a &lt;tt&gt;mongo&lt;/tt&gt; shell test function which is left enabled by default.  It recursively removes the specified path (and &lt;tt&gt;mkdir()&lt;/tt&gt;s a new directory with the same name).&lt;/p&gt;

&lt;p&gt;Since it is run in the shell, it runs without regard to authentication.  If the shell user has write access (or is root) to the specified path, all files are removed.  Since it&apos;s run in the shell and is not a dbcommand, no message is logged to the server.&lt;/p&gt;

&lt;p&gt;Note that &lt;tt&gt;startMongodEmpty&lt;/tt&gt; is similarly destructive.&lt;/p&gt;

&lt;p&gt;Reproduce:&lt;/p&gt;
&lt;pre&gt;mongo --eval &apos;resetDbpath(&quot;/data/db&quot;)&apos;
mongo --eval &apos;startMongodEmpty(&quot;--dbpath&quot;, &quot;/data/db&quot;, &quot;--port&quot;, &quot;9999&quot;)&apos;&lt;/pre&gt;</description>
                <environment>mongo --version: MongoDB shell version: 2.4.3&lt;br/&gt;
mongod --version: &lt;br/&gt;
db version v2.4.3&lt;br/&gt;
Sun May 26 23:06:10.363 git version: fe1743177a5ea03e91e0052fb5e2cb2945f6d95f&lt;br/&gt;
uname -a: &lt;br/&gt;
Darwin monongahela 12.3.0 Darwin Kernel Version 12.3.0: Sun Jan  6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64</environment>
        <key id="76658">SERVER-13232</key>
            <summary>resetDbpath() ignores authentication</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="backlog-server-stm">Backlog - Server Tooling and Methods (STM)</assignee>
                                    <reporter username="epc">Ed Costello</reporter>
                        <labels>
                            <label>move-stm</label>
                    </labels>
                <created>Mon, 27 May 2013 04:17:09 +0000</created>
                <updated>Tue, 6 Dec 2022 05:09:08 +0000</updated>
                            <resolved>Fri, 19 Nov 2021 20:17:01 +0000</resolved>
                                                                    <component>Security</component>
                    <component>Shell</component>
                                        <votes>0</votes>
                                    <watches>8</watches>
                                                                                                                <comments>
                            <comment id="4201675" author="brooke.miller" created="Fri, 19 Nov 2021 20:17:01 +0000"  >&lt;p&gt;We&apos;ve deprecated the mongo shell in favor of the new &lt;a href=&quot;https://docs.mongodb.com/mongodb-shell/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongosh&lt;/a&gt;. Unfortunately, we aren&apos;t able to pursue improvements to the deprecated shell except in extreme cases, such as critical security fixes. Can you please start making use of &lt;a href=&quot;https://docs.mongodb.com/mongodb-shell/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongosh&lt;/a&gt; and let us know if it works for you in this case?&lt;/p&gt;</comment>
                            <comment id="347173" author="spencer" created="Tue, 28 May 2013 19:22:31 +0000"  >&lt;p&gt;I agree with Andreas, though I also agree that we should be giving users fewer ways to shoot themselves in the foot.&lt;/p&gt;

&lt;p&gt;The easiest solution may just be ripping out the functionality that&apos;s in the shell just for testing from the shell that we distribute to the public (which we&apos;ve been talking about doing anyway).&lt;/p&gt;

&lt;p&gt;In the meantime perhaps best-practice documentation that the shell should be run as an OS user without any write access to the file system?&lt;/p&gt;</comment>
                            <comment id="346999" author="epc" created="Tue, 28 May 2013 16:31:18 +0000"  >&lt;p&gt;Might also add a check that the specified path &lt;b&gt;is&lt;/b&gt; the &lt;tt&gt;--dbpath&lt;/tt&gt; and not &quot;/&quot; (for example). &lt;/p&gt;</comment>
                            <comment id="346211" author="epc" created="Mon, 27 May 2013 12:35:15 +0000"  >&lt;p&gt;I&apos;m fine with someone deciding to move it to SERVER, I didn&apos;t want to leave it in the public project over the holiday weekend.&lt;/p&gt;

&lt;p&gt;My reasoning for opening it here: it&apos;s scriptable, it&apos;s non-obvious, it&apos;s available by default instead of with &lt;tt&gt;--setParameter enableSOMETHINGcommands&lt;/tt&gt;.&lt;/p&gt;</comment>
                            <comment id="346173" author="andreas.nilsson@10gen.com" created="Mon, 27 May 2013 10:50:55 +0000"  >&lt;p&gt;I am not sure I agree that this is a security issue even though the function should not exist unless it is required.&lt;/p&gt;

&lt;p&gt;Any executable run with high enough permissions can erase the DB path. The shell is just another binary, albeit provided as part of the mongo installation.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25142"><![CDATA[Server Tooling & Methods]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 27 May 2013 10:50:55 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 11 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-624</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>alexander.golin@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 11 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>andreas.nilsson</customfieldvalue>
            <customfieldvalue>backlog-server-stm</customfieldvalue>
            <customfieldvalue>brooke.miller@mongodb.com</customfieldvalue>
            <customfieldvalue>epc</customfieldvalue>
            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrlyrz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr9f2n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6466</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsh2cf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>