Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-4509

Impala should provide SASL a mutex

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • Impala 2.0
    • Impala 2.8.0
    • Security

    Description

      From IMPALA-4497 and KUDU-1749 we discovered that Impala is not calling sasl_set_mutex to provide SASL with some mutex implementation. This may expose Impala to races in the sasl code which indicates it is not thread safe. This has likely always been missing, and we're not aware of any issues caused by it, but as Kudu is now using sasl as well this may be more important for the Impala daemon to protect itself (i.e. even if Impala's usage is safe, possibly Kudu client's usage of sasl may expose races more).

      We may be able to use Kudu's implementation:
      https://gerrit.cloudera.org/#/c/5120/2/src/kudu/rpc/sasl_common.cc

      Attachments

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. IMPALA-5221 Fix TSaslTransport negotiation order leading to crash in SaslMutexLock(void*)

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. IMPALA-4497 Kudu client usage on secure clusters results in crash

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved

          Activity

            People

              henryr Henry Robinson
              mjacobs Matthew Jacobs
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: