KPL Binary installation uses a Shared Lock

The KPL binary is vulnerable to a race condition that yields a zero-byte binary file being installed. The sequence is:

1. Process-1 determines that the binary does not exist and creates a new `FileOutputStream`, which will create a file-descriptor on the filesystem ([link](https://github.com/awslabs/amazon-kinesis-producer/blob/master/java/amazon-kinesis-producer/src/main/java/com/amazonaws/services/kinesis/producer/KinesisProducer.java#L827))
2. Process-2 determines that the file exists and creates a `FileInputStream` and shared lock: ([link](https://github.com/awslabs/amazon-kinesis-producer/blob/master/java/amazon-kinesis-producer/src/main/java/com/amazonaws/services/kinesis/producer/KinesisProducer.java#L814-L815))
3. Process-1 attempts to create an exclusive lock but cannot because Process-2 has a shared-lock that prevents the creation of exclusive locks: ([link](https://github.com/awslabs/amazon-kinesis-producer/blob/master/java/amazon-kinesis-producer/src/main/java/com/amazonaws/services/kinesis/producer/KinesisProducer.java#L828))
4. Process-2 verifies the contents of the binary and throws a `SecurityException` because the contents do not match the expected value: ([link](https://github.com/awslabs/amazon-kinesis-producer/blob/master/java/amazon-kinesis-producer/src/main/java/com/amazonaws/services/kinesis/producer/KinesisProducer.java#L816-L824))

This can be avoided by using a dedicated lock-file separate from the binary file being written.

This issue is related to #55 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KPL Binary installation uses a Shared Lock #91

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development