<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:05:31 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-4276] prevent user access to index namespaces</title>
                <link>https://jira.mongodb.org/browse/SERVER-4276</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;The user is allowed to run operations on namespaces used to back btree indexes, for example test.foo.$&lt;em&gt;id&lt;/em&gt;.  These namespaces do not contain bson, yet mongod may attempt to read/write bson from/to them resulting in invalid bson errors and potentially memory corruption.  We should prevent the user from accessing these namespaces directly.&lt;/p&gt;</description>
                <environment></environment>
        <key id="24889">SERVER-4276</key>
            <summary>prevent user access to index namespaces</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="backlog-server-execution">Backlog - Storage Execution Team</assignee>
                                    <reporter username="aaron">Aaron Staple</reporter>
                        <labels>
                    </labels>
                <created>Mon, 14 Nov 2011 17:44:15 +0000</created>
                <updated>Tue, 6 Dec 2022 05:39:23 +0000</updated>
                            <resolved>Tue, 15 Nov 2016 20:36:18 +0000</resolved>
                                                                    <component>Storage</component>
                                        <votes>1</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="71194" author="auto" created="Tue, 6 Dec 2011 17:52:42 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;login&apos;: u&apos;astaple&apos;, u&apos;name&apos;: u&apos;Aaron&apos;, u&apos;email&apos;: u&apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-4276&quot; title=&quot;prevent user access to index namespaces&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-4276&quot;&gt;&lt;del&gt;SERVER-4276&lt;/del&gt;&lt;/a&gt; replication implementation specifies a client ns including $cmd for commands, causing buildbot failure when combined with the new namespace guard; going to disable the &apos;normal&apos; namespace client guard pending clarification of desired behavior in the jira (there are some preexisting questions about correct behavior)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/a70fbc392c3cc261d9e8c73bfa5cab6a321bf89e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/a70fbc392c3cc261d9e8c73bfa5cab6a321bf89e&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="70763" author="eliot" created="Sun, 4 Dec 2011 19:02:18 +0000"  >&lt;p&gt;We need things like .stats() to work.&lt;/p&gt;

&lt;p&gt;Also db.getCollection( &quot;foo.$&lt;em&gt;id&lt;/em&gt;&quot; ).validate( &lt;/p&gt;
{ full : true }
&lt;p&gt; )&lt;/p&gt;</comment>
                            <comment id="70761" author="auto" created="Sun, 4 Dec 2011 18:42:00 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;login&apos;: u&apos;astaple&apos;, u&apos;name&apos;: u&apos;Aaron&apos;, u&apos;email&apos;: u&apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-4276&quot; title=&quot;prevent user access to index namespaces&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-4276&quot;&gt;&lt;del&gt;SERVER-4276&lt;/del&gt;&lt;/a&gt; update index namespace guard for new client context implementation&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/bd50d4591b1e6255ef7a4c397b9158f9ec9029c9&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/bd50d4591b1e6255ef7a4c397b9158f9ec9029c9&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="70760" author="auto" created="Sun, 4 Dec 2011 18:41:59 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;login&apos;: u&apos;astaple&apos;, u&apos;name&apos;: u&apos;Aaron&apos;, u&apos;email&apos;: u&apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-4276&quot; title=&quot;prevent user access to index namespaces&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-4276&quot;&gt;&lt;del&gt;SERVER-4276&lt;/del&gt;&lt;/a&gt; error code&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/d1eab2cbc44ca0afbbc10dfcde2ca8322e76a33b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/d1eab2cbc44ca0afbbc10dfcde2ca8322e76a33b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="70759" author="auto" created="Sun, 4 Dec 2011 18:41:57 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;login&apos;: u&apos;astaple&apos;, u&apos;name&apos;: u&apos;Aaron&apos;, u&apos;email&apos;: u&apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-4276&quot; title=&quot;prevent user access to index namespaces&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-4276&quot;&gt;&lt;del&gt;SERVER-4276&lt;/del&gt;&lt;/a&gt; prevent client access to index namespaces&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/1299e0cc56fe18d983091eec296ffc24cc1060ad&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/1299e0cc56fe18d983091eec296ffc24cc1060ad&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="66591" author="aaron" created="Mon, 14 Nov 2011 17:45:50 +0000"  >&lt;p&gt;This fix will also prevent mongodump from inappropriately accessing the index namespaces, which has been a problem &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-4190&quot; title=&quot;SEGFAULT doing query&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-4190&quot;&gt;&lt;del&gt;SERVER-4190&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="24387">SERVER-4190</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="26074">SERVER-4440</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25136"><![CDATA[Storage Execution]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Sun, 4 Dec 2011 18:41:57 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        12 years, 11 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>alexander.golin@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            12 years, 11 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>aaron</customfieldvalue>
            <customfieldvalue>auto</customfieldvalue>
            <customfieldvalue>backlog-server-execution</customfieldvalue>
            <customfieldvalue>eliot</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrolof:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrfsv3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>4826</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|ht0ovz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>