[IMPALA-4820] TmpFileMgr can write unencrypted data to disk even when encryption is on - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: Impala 2.9.0
Fix Version/s: Impala 2.9.0
Component/s: Backend
Labels:
- correctness
- security

Target Version:

Impala 2.9.0

Description

When writing encrypted data to scratch disk, the cancellation process can decrypt the data while the write is still in flight. This could result in some amount of decrypted data being written to disk, defeating the purpose of encryption:

  // Decrypt regardless of whether the write is still in flight or not. An in-flight
  // write may write bogus data to disk but this lets us get some work done while the
  // write is being cancelled.
  Status status;
  if (FLAGS_disk_spill_encryption) {
    status = handle->CheckHashAndDecrypt(buffer);
  }
  handle->WaitForWrite();

This was introduced by commit "~~IMPALA-3202~~,~~IMPALA-2079~~: rework scratch file I/O" and never made it into any official releases.

Attachments

Activity

People

Assignee:: Tim Armstrong

Reporter:: Tim Armstrong

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/Jan/17 22:33

Updated:: 31/Jan/17 06:36

Resolved:: 31/Jan/17 06:36