[SERVER-46970] KRB5_CCNAME variable is reused between JSTest jobs when it shouldn't be Created: 18/Mar/20  Updated: 29/Oct/23  Resolved: 19/Mar/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.4.0-rc1, 4.7.0

Type: Bug Priority: Major - P3
Reporter: Adam Cooper (Inactive) Assignee: Adam Cooper (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
related to SERVER-46837 Add tracing around keytab check in mo... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.4
Sprint: Security 2020-03-23
Participants:
Linked BF Score: 16

 Description   

Cross-posting from BF-16430

After doing some digging with spencer.jackson, we believe BF-16430 stems from a race involving kdestroy and kinit which are called from two different tests around the same time. The idea is that one test kinits to generate a ticket, and then before the credentials cache is read, the other test destroys the cache. We had put in place a method of preventing this from happening, but it is not working as intended.

The idea was to use the job's data dir to hold the credentials cache, but it seems the jobs are all using the same data dir. For example, notice how in the following logs:

Notice how both of these tests place their credentials cache in the job2 data dir, despite the fact that neither of them are job2. We believe we have isolated the reason for this. On this line in jstest.py, we are making a shallow copy of the shell options dictionary. We later on modify the internal dictionary that contains some of the values that will be passed to the shell to eval. Since this is only a shallow copy, the internal dictionary is not thread-local and refers to the same memory used by the other jobs. We believe this issue can be fixed by using a deepcopy instead of a shallow copy.

As a proof of concept, I have uploaded this patch



 Comments   
Comment by Adam Cooper (Inactive) [ 09/Apr/20 ]

v4.4 backport https://github.com/mongodb/mongo/commit/eb76b4041aa1ba79def850ae199838fa14212823

Comment by Kelsey Schubert [ 20/Mar/20 ]

commit is here: https://github.com/mongodb/mongo/commit/471bb3b8783bae6eb46a19e68e413d3f69463afd

Generated at Thu Feb 08 05:12:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.