hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sushanth Sowmyan (JIRA)" <>
Subject [jira] [Commented] (HIVE-5989) Hive metastore authorization check is not threadsafe
Date Mon, 09 Dec 2013 22:38:07 GMT


Sushanth Sowmyan commented on HIVE-5989:

I'll attach the fix patch for now as this is a pretty severe bug. As for testing, it is easy
to test from manual tests or with e2e tests, but difficult to test with a unit test. I'll
also attach a "SleepyAuthorizationProvider" that I used to test this manually, so as to elongate
the critical section to demonstrate and reproduce this error easily.

> Hive metastore authorization check is not threadsafe
> ----------------------------------------------------
>                 Key: HIVE-5989
>                 URL:
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore, Security
>    Affects Versions: 0.11.0
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
> Metastore-side authorization has a couple of pretty important threadsafety bugs in it:
> a) The HiveMetastoreAuthenticated instantiated by the AuthorizationPreEventListener is
static. This is a premature optimization and incorrect, as it will result in Authenticator
implementations that store state potentially giving an incorrect result, and this bug very
much exists with the DefaultMetastoreAuthenticator.
> b) It assumes HMSHandler.getHiveConf() is itself going to be thread-safe, which it is
not. HMSHandler.getConf() is the appropriate thread-safe equivalent.

This message was sent by Atlassian JIRA

View raw message