Reducing the security implications of running MongoDB is an important thing for us to do. It's not quite critical, because nobody is asking for it directly now, and the risk is still somewhat limited. But there is a risk, and I think the general policy of treating even security -- even relatively lower risk stuff -- as important is a good habit of mind for us.
We are going to be at the center of a lot of important developments. On the other hand once you can control the MongoDB server, your opportunities for privilege escalation on hosts in that environment are probably greater in other directions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1208430 Title: mongodb runs as root user To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1208430/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
