mongod allows user inserts into system.profile collection. This is a regression introduced in version 2.5.5 by be828115 (SERVER-11611).
To illustrate, see the following shell session with mongod version 2.5.5:
> db.system.profile.insert({x:1})
> db.system.profile.find({x:1})
{ "_id" : ObjectId("55319438a236ac0c4bd8f010"), "x" : 1 }
And, the expected behavior with mongod version 2.5.4:
> db.system.profile.insert({x:1})
attempt to insert in system namespace 'test.system.profile'
User operations that insert, modify, or remove documents (including the "renameCollection" command) should be forbidden on "system.profile".
Create and drop operations should remain allowed on "system.profile", and convertToCapped should remain allowed as well.
- is duplicated by
-
SERVER-18107 Crash on mongorestore with system.profile
-
- Closed
-
- is related to
-
-
- Closed
-
-
SERVER-11611 remove DataFileMgr::insert*
-
- Closed
-