Bug 243910
Summary: | krb5-libs are not thread-safe | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Nathan Kinder <nkinder> |
Component: | cyrus-sasl | Assignee: | Steve Conklin <sconklin> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 4.5 | CC: | ckannan, jplans, kevinu, shaines |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | RHSA-2007-0795 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2007-09-04 14:49:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 240316 |
Description
Nathan Kinder
2007-06-12 17:45:40 UTC
Thread-safety should have been sorted in the 1.4 release, but RHEL 4 included version 1.3.4. A workaround I've seen used is to put a mutex around the gss_accept_security_context() function calls. I can't say what kind of (if any) performance hit this might create. I'm not sure that backporting the proper fixes (threading mutexes through libkrb5 and the gssapi libraries, at least) is really feasible at this point.

Since I'm coding my multi-threaded application against the SASL API, I don't have an option to add a mutex around gss_accept_security_context(). This would need to be done in the SASL GSSAPI plugin. Since the Kerberos libraries are not, and will not, be thread-safe on RHEL-4, is it possible to add a mutex around gss_accept_security_context() in the GSSAPI SASL plugin that we include as a part of the cyrus-sasl-gssapi package? The mutex would only be used if the application that was coded against SASL passes in its own mutex function callbacks by calling sasl_set_mutex(), otherwise it would have no effect.

Yes, I think that's doable. It looks like that was done in 2.1.20, while RHEL 4 has 2.1.19 and RHEL 5 has 2.1.22. The patch looks pretty well-isolated. Moving to cyrus-sasl and proposing for 4.6 as an exception.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0795.html
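
The opt-in behaviour requested above (the lock is taken only when the application has registered mutex callbacks through sasl_set_mutex()), modelled as an added example; it is not code from this bug thread or from cyrus-sasl. The typedefs mirror the callback shapes sasl_set_mutex() takes, while model_set_mutex(), guarded_accept(), fake_accept() and the app_* callbacks are hypothetical names, with fake_accept() standing in for gss_accept_security_context().

```c
/* Added example: model of the opt-in lock from this bug. The typedefs copy the
 * callback shapes sasl_set_mutex() accepts; other names are hypothetical and
 * fake_accept() stands in for gss_accept_security_context(). */
#include <pthread.h>
#include <stdlib.h>

typedef void *mutex_alloc_t(void);
typedef int mutex_lock_t(void *m);
typedef int mutex_unlock_t(void *m);
typedef void mutex_free_t(void *m);

static mutex_lock_t *cb_lock;      /* NULL until the application opts in */
static mutex_unlock_t *cb_unlock;
static mutex_free_t *cb_free;
static void *gss_mutex;            /* one lock shared by every connection */
static int lock_depth;             /* > 0 while the application's lock is held */

/* Model of sasl_set_mutex(): the application registers its callbacks. */
void model_set_mutex(mutex_alloc_t *a, mutex_lock_t *l,
                     mutex_unlock_t *u, mutex_free_t *f)
{
    if (gss_mutex && cb_free) cb_free(gss_mutex);   /* drop any earlier lock */
    cb_lock = l; cb_unlock = u; cb_free = f;
    gss_mutex = a ? a() : NULL;
}

/* Application-side callbacks backed by a pthread mutex. */
void *app_alloc(void)
{
    pthread_mutex_t *m = malloc(sizeof *m);
    if (m && pthread_mutex_init(m, NULL) != 0) { free(m); m = NULL; }
    return m;
}
int app_lock(void *m) { int rc = pthread_mutex_lock(m); if (!rc) lock_depth++; return rc; }
int app_unlock(void *m) { lock_depth--; return pthread_mutex_unlock(m); }
void app_free(void *m) { pthread_mutex_destroy(m); free(m); }

/* Stand-in for the unsafe call: returns 1 if it ran while the lock was held. */
static int fake_accept(void) { return lock_depth > 0; }

/* Plugin-side wrapper: serialize only when callbacks were registered. */
int guarded_accept(void)
{
    int locked = gss_mutex && cb_lock, under_lock;
    if (locked && cb_lock(gss_mutex) != 0) return -1;  /* could not lock: refuse */
    under_lock = fake_accept();
    if (locked) cb_unlock(gss_mutex);
    return under_lock;
}
int main(void) { model_set_mutex(app_alloc, app_lock, app_unlock, app_free); return guarded_accept() != 1; }
```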