Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Impala 2.0
    • Fix Version/s: Impala 2.8.0
    • Component/s: Security
    • Labels:

      Description

      From IMPALA-4497 and KUDU-1749 we discovered that Impala is not calling sasl_set_mutex to provide SASL with some mutex implementation. This may expose Impala to races in the sasl code which indicates it is not thread safe. This has likely always been missing, and we're not aware of any issues caused by it, but as Kudu is now using sasl as well this may be more important for the Impala daemon to protect itself (i.e. even if Impala's usage is safe, possibly Kudu client's usage of sasl may expose races more).

      We may be able to use Kudu's implementation:
      https://gerrit.cloudera.org/#/c/5120/2/src/kudu/rpc/sasl_common.cc

        Issue Links

          Activity

          Show
          henryr Henry Robinson added a comment - https://github.com/apache/incubator-impala/commit/bb36433b1e0e6426806f8ca40239561eb960abb2
          Hide
          laszlog Laszlo Gaal added a comment -

          Note that this fix exposes problems on RHEL7. These related problems are fixed by IMPALA-5221.

          Show
          laszlog Laszlo Gaal added a comment - Note that this fix exposes problems on RHEL7. These related problems are fixed by IMPALA-5221 .

            People

            • Assignee:
              henryr Henry Robinson
              Reporter:
              mjacobs Matthew Jacobs
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development