Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-18111

mongod allows user inserts into system.profile collection

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 3.0.0
    • 2.6.10, 3.0.3, 3.1.3
    • Storage, Write Ops
    • None
    • Minor Change
    • ALL
    • Quint Iteration 3

    Description

      mongod allows user inserts into system.profile collection. This is a regression introduced in version 2.5.5 by be828115 (SERVER-11611).

      To illustrate, see the following shell session with mongod version 2.5.5:

      > db.system.profile.insert({x:1})
      > db.system.profile.find({x:1})
      { "_id" : ObjectId("55319438a236ac0c4bd8f010"), "x" : 1 }
      

      And, the expected behavior with mongod version 2.5.4:

      > db.system.profile.insert({x:1})
      attempt to insert in system namespace 'test.system.profile'
      

      User operations that insert, modify, or remove documents (including the "renameCollection" command) should be forbidden on "system.profile".

      Create and drop operations should remain allowed on "system.profile", and convertToCapped should remain allowed as well.

      Attachments

        Issue Links

          Activity

            People

              rassi J Rassi
              rassi J Rassi
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: