Skip Menu |
 

Subject: thread safety in mit-krb5 libraries
Many changes are needed in the krb5 library (and others) to make the
code thread-safe.

Any non-const global variables need protection against simultaneous read
and write. (If a static-duration object can't be updated, it should
probably be const.)

File locking is per-process (at least under UNIX); when we do file
locking, we'll want it to effectively be per-thread.

This issue has been discussed in email (on krbdev?), and people at IBM
are supposed to be writing some code based on that discussion; just
making sure it gets listed here too....
This bug is a bit old and it still seems MIT Kerberos has a lot of
problems in multi-threaded environment. This is a sample backtrace:
#0 0x4207c5fc in memcpy () from /lib/tls/libc.so.6
#1 0x41dc12de in krb5_c_random_make_octets ()
from /usr/kerberos/lib/libk5crypto.so.3
#2 0x41dbdd61 in krb5_old_encrypt () from
/usr/kerberos/lib/libk5crypto.so.3
#3 0x41dbfe0f in krb5_c_encrypt () from /usr/kerberos/lib/libk5crypto.so.3
#4 0x41f37f0b in krb5_encrypt_helper () from /usr/kerberos/lib/libkrb5.so.3
#5 0x41f412ff in krb5_process_padata () from /usr/kerberos/lib/libkrb5.so.3
#6 0x41f410d6 in krb5_obtain_padata () from /usr/kerberos/lib/libkrb5.so.3
#7 0x41f3aaf3 in krb5_get_in_tkt () from /usr/kerberos/lib/libkrb5.so.3
#8 0x41f3cc1c in krb5_get_in_tkt_with_password ()
from /usr/kerberos/lib/libkrb5.so.3
I also would like to watch this bug, is it possible to add my e-mail
(osvetlik at kerio dot com) to the bugs CC, please? I don't have
permissions to do so.
To: rt@krbdev.mit.edu
Cc:
Subject: Re: [krbdev.mit.edu #1303] thread safety in mit-krb5 libraries
From: Sam Hartman <hartmans@mit.edu>
Date: Mon, 19 Jul 2004 14:39:03 -0400
RT-Send-Cc:
Show quoted text
>>>>> "Public" == Public Submitter via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text
Public> This bug is a bit old and it still seems MIT Kerberos has
Public> a lot of problems in multi-threaded environment. This is a
Public> sample backtrace: #0 0x4207c5fc in memcpy () from


You should try the same test on a development snapshot taken within
the last week. You can either do a cvs checkout or you can grab a
development checkout based on instructions at
http://web.mit.edu/kerberos/distrib/.


Ken has been doing a lot of thread support work lately and recently it
has been enabled by default.
Closing. Any further thread-safety issues should be new bugs.