Operational Defect Database

BugZero found this defect 2440 days ago.

MongoDB | 395828

[SERVER-29731] Auth checks must have access to document sequences

Last update date:

10/30/2023

Affected products:

MongoDB Server

Affected releases:

No affected releases provided.

Fixed releases:

3.5.11

Description:

Info

This is currently only nessesary for inserting into system.indexes. That will fail today if the index specification is in an op_msg document sequence.

Top User Comments

xgen-internal-githook commented on Thu, 13 Jul 2017 21:03:24 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 upconvertRequest now uses document sequences where appropriate In addition to improving test coverage for document sequences, this also improves performance of insert commands sent over OP_QUERY since they will no longer copy the objects during upconversion. Branch: master https://github.com/mongodb/mongo/commit/10d31e1e3b4f32f842489e2a2de66a547e550b5a xgen-internal-githook commented on Thu, 13 Jul 2017 21:03:23 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 upconvertRequest shouldn't separate data and metadata Branch: master https://github.com/mongodb/mongo/commit/704d2dc2a533e6297a6e77e23fb6afbf574e9572 xgen-internal-githook commented on Thu, 13 Jul 2017 21:03:21 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 Auth checks get access to document sequences Branch: master https://github.com/mongodb/mongo/commit/c4883a9d289a01e8e4f45ccac7f19f59f2892c42 xgen-internal-githook commented on Thu, 13 Jul 2017 21:03:17 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 don't pass cmdobj to localHostOnlyIfNoAuth() It wasn't used. If we need it in the future, it should probably use OpMsgRequest. Branch: master https://github.com/mongodb/mongo/commit/b32c49eadcfab7c7e321a4d539e770d2a70e9730 xgen-internal-githook commented on Thu, 13 Jul 2017 21:03:15 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 get errmsg out of BasicCommand api It is now only used by commands deriving from ErrmsgCommandDeprecated. Branch: master https://github.com/mongodb/mongo/commit/8d555140ce24b9f59e4672a0ed026502fdfffd2c xgen-internal-githook commented on Thu, 13 Jul 2017 21:03:11 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 Get errmsg out of public Command API Branch: master https://github.com/mongodb/mongo/commit/b6abff538f84abecae2bd7137173a37a8626ac14 xgen-internal-githook commented on Thu, 13 Jul 2017 21:03:06 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 Make BasicCommand a real separate type Branch: master https://github.com/mongodb/mongo/commit/8c228549b7e29f0c83eb94f4c913e61cd61523a9 xgen-internal-githook commented on Thu, 13 Jul 2017 21:02:56 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 convert all direct subclasses of Command to BasicCommand Branch: master https://github.com/mongodb/mongo/commit/1f21d889f89cf1338ff198264d63b029314eef7a xgen-internal-githook commented on Thu, 13 Jul 2017 21:02:48 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'} Message: SERVER-29731 Unify logic around directly invoking a command Branch: master https://github.com/mongodb/mongo/commit/a6cc94d141f13feff33178a769c81282c7bc0170 xgen-internal-githook commented on Thu, 13 Jul 2017 21:01:58 +0000: Author: {u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'redbeard0531@gmail.com'} Message: SERVER-29731 Enterprise changes for document sequence aware auth checks Branch: master https://github.com/10gen/mongo-enterprise-modules/commit/d1d94e1e3ae2ecdfdf179bd54c2111db10d9b233

Additional Resources / Links

Share:

BugZero Risk Score

Coming soon

Status

Closed

Have you been affected by this bug?

cost-cta-background

Do you know how much operational outages are costing you?

Understand the cost to your business and how BugZero can help you reduce those costs.

Discussion

Login to read and write comments.

Have you ever...

had your data corrupted from a

VMware

bug?

Search:

...