Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-18111

mongod allows user inserts into system.profile collection

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 2.6.10, 3.0.3, 3.1.3
    • Component/s: Storage, Write Ops
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL
    • Backport Completed:
    • Sprint:
      Quint Iteration 3

      Description

      mongod allows user inserts into system.profile collection. This is a regression introduced in version 2.5.5 by be828115 (SERVER-11611).

      To illustrate, see the following shell session with mongod version 2.5.5:

      > db.system.profile.insert({x:1})
      > db.system.profile.find({x:1})
      { "_id" : ObjectId("55319438a236ac0c4bd8f010"), "x" : 1 }
      

      And, the expected behavior with mongod version 2.5.4:

      > db.system.profile.insert({x:1})
      attempt to insert in system namespace 'test.system.profile'
      

      User operations that insert, modify, or remove documents (including the "renameCollection" command) should be forbidden on "system.profile".

      Create and drop operations should remain allowed on "system.profile", and convertToCapped should remain allowed as well.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: