Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-92037

Fix data race in AuthorizationSessionTestFixture using an atomic

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 8.1.0-rc0, 8.0.0-rc11
    • Affects Version/s: None
    • Component/s: Security
    • None
    • Query Optimization
    • Fully Compatible
    • ALL
    • v8.0
    • QO 2024-07-08
    • 200

      There is a data race in the AuthorizationManagerImpl::_authEnabled flag when 
      UnauthorizedSessionIsCoauthorizedWithAnybodyWhenAuthIsDisabled and AuthorizedSessionIsCoauthorizedNobodyWhenAuthIsDisabled call authzManager->setAuthEnabled(false) outside of initialization time. At the same time, the JournalFlusher thread is reading its value through isAuthEnabled().

      This is an unintended use of _authEnabled, which currently allows unsynchronized accesses because it's only expected to be set once at initialization time. To allow these unit tests (and future tests) to safely reset its value, _authEnabled should be made an atomic.

            Assignee:
            lynne.wang@mongodb.com Lynne Wang
            Reporter:
            lynne.wang@mongodb.com Lynne Wang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: