[SERVER-18111] mongod allows user inserts into system.profile collection

Created: 17/Apr/15 | Updated: 28/Oct/15 | Resolved: 28/Apr/15

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Storage, Write Ops |
| Affects Version/s: | 3.0.0 |
| Fix Version/s: | 2.6.10, 3.0.3, 3.1.3 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | J Rassi | Assignee: | J Rassi |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Minor Change |
| Operating System: | ALL |
| Backport Completed: | |
| Sprint: | Quint Iteration 3 |
| Participants: | |
| Description |
|
mongod allows user inserts into system.profile collection. This is a regression introduced in version 2.5.5 by be828115 ( To illustrate, see the following shell session with mongod version 2.5.5:
And, the expected behavior with mongod version 2.5.4:
User operations that insert, modify, or remove documents (including the "renameCollection" command) should be forbidden on "system.profile". Create and drop operations should remain allowed on "system.profile", and convertToCapped should remain allowed as well. |
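
A regression check for the expected behaviour stated in the description, as an added example that is not part of the ticket or of MongoDB's code. `accepted` and `probeProfileGuards` are hypothetical names; it assumes the legacy mongo shell conventions (a `WriteResult` with `hasWriteError()`, command replies carrying an `ok` field) and a disposable test database with profiling turned off.

```javascript
// Added example. The two operation lists are taken from the ticket description.
const FORBIDDEN = ["insert", "update", "remove", "renameCollection"];
const ALLOWED = ["create", "convertToCapped", "drop"];

// True if the server accepted the operation. Handles a WriteResult, a command
// reply with `ok`, a boolean (drop), or a thrown error (treated as rejected).
function accepted(op) {
  try {
    const r = op();
    if (r && typeof r.hasWriteError === "function") return !r.hasWriteError();
    if (r && typeof r === "object" && "ok" in r) return Number(r.ok) === 1;
    return r !== false;
  } catch (e) {
    return false;
  }
}

// `db` is a mongo shell database handle (assumption: test instance only).
// Returns the operations whose outcome differs from the ticket's expectation;
// an empty array means the guard behaves as described.
function probeProfileGuards(db) {
  const ns = "system.profile", tmp = "profile_probe_renamed";
  const coll = db.getCollection(ns);
  const violations = [];
  const expect = (name, op) => {
    const ok = accepted(op);
    if (FORBIDDEN.includes(name) && ok) violations.push(name + " accepted");
    if (ALLOWED.includes(name) && !ok) violations.push(name + " rejected");
  };
  accepted(() => coll.drop()); // start from a clean state; result ignored
  expect("create", () => db.createCollection(ns));
  expect("insert", () => coll.insert({ probe: 1 }));
  expect("update", () => coll.update({ probe: 1 }, { $set: { probe: 2 } }));
  expect("remove", () => coll.remove({ probe: 2 }));
  expect("convertToCapped", () => db.runCommand({ convertToCapped: ns, size: 1048576 }));
  expect("drop", () => coll.drop());
  // renameCollection is probed last on a fresh collection, because a server
  // that accepts it moves the collection away.
  accepted(() => db.createCollection(ns));
  expect("renameCollection", () => coll.renameCollection(tmp));
  accepted(() => coll.drop());                 // cleanup
  accepted(() => db.getCollection(tmp).drop()); // cleanup if the rename went through
  return violations;
}
```

In the shell, run `probeProfileGuards(db)` against the test database: a build with the regression reports the four forbidden operations as accepted, a fixed build returns an empty array.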
| Comments |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: (cherry picked from commit 301f6a927294d542f5466e4704d37f8e930d5317) |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: (cherry picked from commit 4ea827d383156d36e666d05eb6dad8bbc2a75801) |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: Forbids user writes to "system.profile". Notably, this also prevents Creation, drop, and capped conversion of "system.profile" remain (cherry picked from commit 659d6c26e12d3396aafff70ca11d74a4187b4084) |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: (cherry picked from commit fdfd8e79061f9ea12840875290d159dfafdcbc96) |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: (cherry picked from commit 040879f6885395ab49754bd76449af71d0903dd7) |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: Forbids user writes to "system.profile". Notably, this also prevents Creation, drop, and capped conversion of "system.profile" remain (cherry picked from commit 5b80159eeb2332a5e8e79e30de27c2dd72c30a18) |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: |
| Comment by Githook User [ 28/Apr/15 ] |
|
Author: {u'username': u'jrassi', u'name': u'Jason Rassi', u'email': u'rassi@10gen.com'}
Message: Forbids user writes to "system.profile". Notably, this also prevents Creation, drop, and capped conversion of "system.profile" remain |