[security-dev] Picketlink thread safety issues
bburke at redhat.com
Tue Aug 6 11:52:15 EDT 2013
On 8/6/2013 11:01 AM, Anil Saldhana wrote:
> On 08/06/2013 02:02 AM, Stuart Douglas wrote:
>> I have just been looking over Picketlink and I think I have spotted a couple of thread safety issues:
>> - File Data Store is not thread safe
> Anything in particular?
>> It looks like there are quite a few problems here, but the biggest is that FileDataStore does not seem to use any sync, so multiple threads can be attempting to write out the database at the same time. Also threads can be modifying the database in memory at the same time it is being written out, so it is possible to write the DB in an inconsistent state.
>> Also when the file is written out it is written out directly over the old file, which greatly increases the chance of file corruption (rather than writing a tmp file and then moving it over the existing one). The also means that any sort of error (such as a non-serializable attribute) will corrupt the store and make it unreadable.
> We should look at how Wildfly does with serializing domain model changes
> into the file. Maybe we need to retain copies so that the runtime can
> recover from a corrupted file.
>> - LDAPIdentityStore is using SimpleDateFormat in a non-threadsafe manner
>> LDAPIdentityStore uses a static SimpleDateFormat, which is not thread safe. Not only that but this date format is modified before it is used in LDAPIdentityStore#parseLDAPDate, so if multiple threads are parsing dates with different timezone formats at the same time anything could happen.
> We should move the SDF into the static method that is using it.
You may also think about creating a transactional interface for the IDM
API. For the JPA plugin it would just delegate to the EntityManager.
For the File plugin, you might want to keep changes in memory (even keep
them local to the IDM session) and flush them when the user calls
"commit". This creates a lot more work though...
JBoss, a division of Red Hat
More information about the security-dev