Public bug reported: I noticed that the mongodb instance that juju creates runs as root; this is not great from a priviledge escalation point of view - if the database is compromised by some sort of zero-day exploit in the future, then access to the database might mean root access to the server its running on.
** Affects: juju-core Importance: Undecided Status: New ** Affects: juju-core (Ubuntu) Importance: Medium Status: Triaged ** Also affects: juju-core Importance: Undecided Status: New ** Description changed: I noticed that the mongodb instance that juju creates runs as root; this is not great from a priviledge escalation point of view - if the - database is compromise by some sort of zero-day exploit in the future, - the access to the database might mean root access to the server its + database is compromised by some sort of zero-day exploit in the future, + then access to the database might mean root access to the server its running on. ** Changed in: juju-core (Ubuntu) Status: New => Triaged ** Changed in: juju-core (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-core in Ubuntu. https://bugs.launchpad.net/bugs/1208430 Title: mongodb runs as root user To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1208430/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs