Public bug reported:
I noticed that the mongodb instance that juju creates runs as root; this
is not great from a priviledge escalation point of view - if the
database is compromised by some sort of zero-day exploit in the future,
then access to the database might mean root access to the server its
running on.
** Affects: juju-core
Importance: Undecided
Status: New
** Affects: juju-core (Ubuntu)
Importance: Medium
Status: Triaged
** Also affects: juju-core
Importance: Undecided
Status: New
** Description changed:
I noticed that the mongodb instance that juju creates runs as root; this
is not great from a priviledge escalation point of view - if the
- database is compromise by some sort of zero-day exploit in the future,
- the access to the database might mean root access to the server its
+ database is compromised by some sort of zero-day exploit in the future,
+ then access to the database might mean root access to the server its
running on.
** Changed in: juju-core (Ubuntu)
Status: New => Triaged
** Changed in: juju-core (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to juju-core in Ubuntu.
https://bugs.launchpad.net/bugs/1208430
Title:
mongodb runs as root user
To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-core/+bug/1208430/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
