Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.1.0-rc0, 8.0.0-rc11
Affects Version/s: None
Component/s: Security
Labels:
None

Assigned Teams:

Query Optimization
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v8.0
Sprint:
QO 2024-07-08
Linked BF Score:
200
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

There is a data race in the AuthorizationManagerImpl::_authEnabled flag when
UnauthorizedSessionIsCoauthorizedWithAnybodyWhenAuthIsDisabled and AuthorizedSessionIsCoauthorizedNobodyWhenAuthIsDisabled call authzManager->setAuthEnabled(false) outside of initialization time. At the same time, the JournalFlusher thread is reading its value through isAuthEnabled().

This is an unintended use of _authEnabled, which currently allows unsynchronized accesses because it's only expected to be set once at initialization time. To allow these unit tests (and future tests) to safely reset its value, _authEnabled should be made an atomic.

Assignee:: Lynne Wang
Reporter:: Lynne Wang
Participants:: Githook User, Lynne Wang
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Jul 01 2024 06:27:35 PM UTC
Updated:: Nov 14 2024 07:08:52 PM UTC
Resolved:: Jul 02 2024 03:13:26 PM UTC
Confidence Status Last Update:: 01/Jul/24 8:25 PM

Details

Description

Attachments

Activity

People

Dates