accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3224) Shell should use nanos for auth timeout
Date Tue, 14 Oct 2014 15:43:35 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14171092#comment-14171092
] 

Christopher Tubbs commented on ACCUMULO-3224:
---------------------------------------------

I'm not sure any additional documentation is necessary, given that modern kernels/JDKs all
use CLOCK_MONOTONIC (I'm not sure we support any systems that wouldn't), and that anybody
could always run different code than the one we provide (the re-compile case). These are not
concerns that are specific to Accumulo. However, a short comment in the shell section of the
manual that reminds people to log out of the shell when they are done, and that the authTimeout
offers marginal protection if they forget (which relies on Java nanoTime / CLOCK_MONOTONIC
platform support), would probably suffice. Feel free to reuse this issue or create a sub-task,
if you feel that is warranted.

> Shell should use nanos for auth timeout
> ---------------------------------------
>
>                 Key: ACCUMULO-3224
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3224
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: shell
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>             Fix For: 1.5.3, 1.6.2, 1.7.0
>
>         Attachments: 0001-ACCUMULO-3224-Use-nanoTime-in-the-shell-s-auth-timeo.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> I was looking at the code done for ACCUMULO-3221 and noticed that we're using the system
clock instead of the JDK's internal relative time, System.nanoTime(). This is a problem, because
any auth timeout that depends on the system clock can be easily bypassed by changing the system
time.
> We can also do the time conversion more reliably with {{TimeUnit}} to avoid the potential
arithmetic bug identified in ACCUMULO-3221.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message