JDK 19 innocuous reaper threads
Chris Hegarty
chegar999 at gmail.com
Tue Nov 22 20:27:25 UTC 2022
Thanks you Alan and Roger.
I filed the following issue to track this:
https://bugs.openjdk.org/browse/JDK-8297451
There are likely many more usages of innocuous thread that could be
improved by ensuring setDaemon is invoked while asserting privileges,
but I'd like to leave those to a later issue, since the usage in process
is causing us issues right now, and it would be great to get this fixed
(and eventually backported to 19.0.2).
-Chris.
On 22/11/2022 17:01, Roger Riggs wrote:
> Hi Chris,
>
> Yes, adding a doPriv for setDaemon and setName in a couple of places
> makes sense.
>
> Thanks, Roger
>
>
> On 11/22/22 11:12 AM, Chris Hegarty wrote:
>> Hi Alan,
>>
>> On 22/11/2022 16:08, Alan Bateman wrote:
>>> On 22/11/2022 15:21, Chris Hegarty wrote:
>>>> ..
>>>
>>> Just to double check, does the ES security manager override
>>> checkAccess(Thread)?
>>
>> Yes. :-(
>>
>>> That is usually a no-op but if overridden then it will expose an
>>> issue with the thread factory for the "process reaper" where it
>>> attempts changes the daemon status outside of a doPriv block.
>>
>> Right. That's exactly what we're running into.
>>
>> If there are no objections, then I'm happy to file an issue
>> and PR to add narrow doPriv blocks around these calls.
>>
>> -Chris
>>
>> [1]
>> https://github.com/elastic/elasticsearch/blob/main/libs/secure-sm/src/main/java/org/elasticsearch/secure_sm/SecureSM.java#L118
>>
>
More information about the core-libs-dev
mailing list