RFR: 8325621: Improve jspawnhelper version checks
Bernd
duke at openjdk.org
Mon Mar 11 19:01:19 UTC 2024
On Mon, 11 Mar 2024 17:46:14 GMT, Chad Rakoczy <duke at openjdk.org> wrote:
> Fix for [8325621](https://bugs.openjdk.org/browse/JDK-8325621)
>
> Updates jspawnhelper to check that JDK version and jspawnhelper version are the same. Updates test to include check for version. Also tested manually by replacing jspawnhelper with incorrect version to confirm that check works.
Since incompatible changes here are seldom, another option would be to set/send a protocol version. Because if you reject an execute() on each mismatch or if only a incompatible execute() fails is both undesireable, but much more often with version compare (of course third behavior crash/corruption would be bad, but the bugfix should avoid that).
with a protocol version you don’t have to care about micro versions and also it is more tolerant about the usual cpu updates which do not introduce incompatibilities most of the time.
having said that, if you don’t want to introduce a protocol version and don’t want to gurantee this interface - the version quadruple would be fine for the most common cases of quarterly security updates.
btw just as a datapoint: we run into this issue with a longrunning Gerrit server which could no longer invoke external ssh client for incoming hooks (ad did not log this). It was not expected to use the system-vm which was updated on the running system by ubuntu.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18204#issuecomment-1989211732
More information about the core-libs-dev
mailing list