What have you found for these years?

2011-12-19

mongodump failed with "errno:2 No such file or directory"

We're using Rails' String#tableize as a collection name in MongoDB,
and I just realized that it would make:

ModuleName::ClassName.name.tableize
As
"module_name/class_names"
when I was running `mongodump` to dump MongDB data.
The problem is that `mongodump` would treat that "module_name/"
as a directory name, and it won't try to `mkdir` for it, thus failing with:
assertion: 10262 couldn't open file: errno:2 No such file or directory
Because it cannot find "module_name" as a directory.

I thought it should lookup for a file called exactly "module_name/class_names"
instead of trying to access it as if it's a path of something.
I know it's my bad to use "/" in a collection name, I just didn't know that,
but either it should reject the name, or properly handle this in `mongodump`.

A simple workaround is that just create the directory for it.

Also, I smelled a potential shell injection here. Though if it's really a
shell injection hole, it's only vulnerable by using a malicious collection
name, and MongoDB might have already forbidden that.

0 retries:

Post a Comment

Note: Only a member of this blog may post a comment.



All texts are licensed under CC Attribution 3.0