hadoop-common-issues mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10224) JavaKeyStoreProvider has to protect against corrupting underlying store
Date Wed, 06 Aug 2014 15:14:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14087773#comment-14087773 ]

Larry McCay commented on HADOOP-10224:
--------------------------------------

This is understandably a complicated dance and it seems that you have thought through a great
number (if not all) of the complexities. I am going to need a little more time to grok them
all.

In the meantime, here are my initial observations:

* the refactoring is in the right direction but seems like it may need a little more polishing
* I am currently trying to see whether we can consolidate the tryLoadFromPath and loadAndReturnPerm
methods - they are largely the same in implementation and goals.
* throwing exception if config file specified but not found - changes default password behavior.
This may be acceptable given that an explicit action of configuring a password file was taken
but misconfigured but I just wanted to make sure that we were aware that this is short-circuiting
the previous behavior.
* comment for the Need to save off the permissions in case it has to be rewritten should be
moved to where that is actually being done now - or perhaps this whole block could be in a
saveOffPermissions method.
* I think that the comments in the following block are misleading and should be reworded to
indicate that we are testing whether flush has completed successfully or they should be moved
inside the condition that proves that it hasn't:
{code}
      if (fs.exists(path)) {
        // flush did not proceed to completion
        // _NEW should not exist
        if (fs.exists(newPath)) {
          throw new IOException(
              String.format("Keystore not loaded due to some inconsistency "
              + "('%s' and '%s' should not exist together)!!", path, newPath));
        }
{code}

I'd also like to know whether and how this has been functionally tested with concurrent activity
in order to tease out all of these scenarios. I am a little concerned about _NEW and _OLDs
getting stepped on by concurrent requests. Especially in KMS.

> JavaKeyStoreProvider has to protect against corrupting underlying store
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10224
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10224
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10224.1.patch, HADOOP-10224.2.patch, HADOOP-10224.3.patch, HADOOP-10224.4.patch, HADOOP-10224.5.patch, HADOOP-10224.6.patch, HADOOP-10224.7.patch, HADOOP-10224.8.patch
>
>
> Java keystores get corrupted at times. A key management operation that writes the store to disk could cause a corruption and all protected data would then be unaccessible.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
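
An added example, not code from the HADOOP-10224 patches: a local-filesystem sketch of the write-new-then-rename flush and the load-time consistency check discussed in the comment above, with the claim on `_NEW` made exclusive so concurrent flushes cannot step on each other. It uses `java.nio.file` rather than Hadoop's `FileSystem`; the class name, the rename ordering and the sample path are assumptions.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.*;
import static java.nio.file.StandardCopyOption.ATOMIC_MOVE;
import static java.nio.file.StandardOpenOption.*;

public class KeystoreFlushSketch {           // hypothetical name
  static Path sibling(Path p, String suffix) {
    return p.resolveSibling(p.getFileName() + suffix);
  }

  // CREATE_NEW makes the claim on _NEW exclusive: a second concurrent flush
  // (or one that finds a leftover _NEW) fails instead of overwriting the file.
  static void flush(Path path, byte[] data) throws IOException {
    Path newPath = sibling(path, "_NEW"), oldPath = sibling(path, "_OLD");
    try (FileChannel ch = FileChannel.open(newPath, CREATE_NEW, WRITE)) {
      ByteBuffer buf = ByteBuffer.wrap(data);
      while (buf.hasRemaining()) ch.write(buf);
      ch.force(true);                        // contents on disk before any rename
    }
    boolean hadOld = Files.exists(path);
    if (hadOld) Files.move(path, oldPath, ATOMIC_MOVE);  // keep a fallback copy
    Files.move(newPath, path, ATOMIC_MOVE);              // publish the new store
    if (hadOld) Files.delete(oldPath);
  }

  // Mirrors the check quoted in the comment: the store and its _NEW file
  // existing together means an earlier flush did not run to completion.
  static byte[] load(Path path) throws IOException {
    Path newPath = sibling(path, "_NEW");
    if (Files.exists(path) && Files.exists(newPath)) {
      throw new IOException(String.format(
          "Keystore not loaded due to some inconsistency "
          + "('%s' and '%s' should not exist together)", path, newPath));
    }
    return Files.readAllBytes(path);
  }

  public static void main(String[] args) throws IOException {
    Path store = Files.createTempDirectory("ks").resolve("test.jceks"); // constructed path
    flush(store, "v1".getBytes());
    flush(store, "v2".getBytes());
    System.out.println(new String(load(store)));
    Files.write(sibling(store, "_NEW"), new byte[0]);   // simulate an interrupted flush
    try { flush(store, "v3".getBytes()); }
    catch (FileAlreadyExistsException e) { System.out.println("flush refused: _NEW exists"); }
    try { load(store); }
    catch (IOException e) { System.out.println("load refused: " + e.getMessage()); }
  }
}
```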
