[SERVER-32894] Disallow creation of `system.indexes` Created: 25/Jan/18  Updated: 30/Oct/23  Resolved: 08/Feb/18

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 3.7.2

Type: Bug Priority: Major - P3
Reporter: Daniel Gottlieb (Inactive) Assignee: Tess Avitabile (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-32893 Relax replicated collection dropping ... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Steps To Reproduce:

db.createCollection("system.indexes")

Sprint: Storage 2018-01-29, Storage 2018-02-12
Participants:
Linked BF Score: 0

 Description   

Inserting into `system.indexes` is disallowed, but an explicitly create collection command goes through. This has some interesting, problematic side-effects. For example:

  1. Creating a real collection on the KVStorageEngine.
  2. Replicating with a create collection oplog entry.
  3. Dropping a database skips dropping the collection.
  4. Others? system.indexes is often treated specially in the code.

Particularly between 2 and 3, this prevents us from properly verifying a legally ordered sequence of updates on all document in WiredTiger.

I would imagine this is also possible on earlier versions, but I haven't verified.



 Comments   
Comment by Githook User [ 08/Feb/18 ]

Author:

{'email': 'tess.avitabile@mongodb.com', 'name': 'Tess Avitabile', 'username': 'tessavitabile'}

Message: SERVER-32894 Disallow creation of system.indexes
Branch: master
https://github.com/mongodb/mongo/commit/d337da259248c785f4014b565742300eb08ecd4f

Comment by Tess Avitabile (Inactive) [ 25/Jan/18 ]

Ah, though I suppose that could affect the ability to create an index by performing an insert on system.indexes. I'll reconsider...

Comment by Tess Avitabile (Inactive) [ 25/Jan/18 ]

This is not an issue for rename due to the following check:

        if (source.isSystemDotIndexes() || target.isSystemDotIndexes()) {
            errmsg = "renaming system.indexes is not allowed";
            return false;
        }

I think we could prevent users from creating the namespace system.indexes by removing it from this whitelist of system namespaces users are allowed to create.

Generated at Thu Feb 08 04:31:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.