Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-8047

babysitter cookie is passed to child ns_server in the open

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 2.1.0
    • Component/s: ns_server
    • Security Level: Public
    • Labels:
      None

      Description

      SUBJ. I just realized that the way babysitter passes cookie to itself to ns_server is visible in ps output to unprivileged users. That's clearly insecure as it allows full access to erlang guts to anybody with access to box running couchbase server.

      No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

        Hide
        alkondratenko Aleksey Kondratenko (Inactive) added a comment -

        Fix merged

        Show
        alkondratenko Aleksey Kondratenko (Inactive) added a comment - Fix merged
        Hide
        maria Maria McDuff (Inactive) added a comment -

        fixed. not verifiable by QE.

        Show
        maria Maria McDuff (Inactive) added a comment - fixed. not verifiable by QE.

          People

          • Assignee:
            alkondratenko Aleksey Kondratenko (Inactive)
            Reporter:
            alkondratenko Aleksey Kondratenko (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Gerrit Reviews

              There are no open Gerrit changes