RFR [8039152] Need a way to suppress message when picking up JAVA_TOOL_OPTIONS
Ivan Gerasimov
ivan.gerasimov at oracle.com
Thu Apr 3 17:01:38 UTC 2014
Thank you Daniel!
On 03.04.2014 20:01, Daniel D. Daugherty wrote:
> On 4/3/14 9:55 AM, Ivan Gerasimov wrote:
>> Thank you Daniel for your complete analysis!
>>
>> If I get it correctly, your main point is that we should always warn
>> the user about using a dangerous way to pass the options.
>> While I tend to agree with it respecting to the standard
>> JAVA_TOOL_OPTIONS, I think if we can make a compromise dealing with a
>> non-standard env variable.
>> If a user is using a non-standard variable, one should already be
>> aware of the danger.
>>
>> Introducing a new variable which will specifically be said to be
>> quiet would not break the existing behavior.
>
> The problem is that the new variable would not be limited to use
> by people aware of the danger. The new variable could be used by
> anyone wanting a quiet avenue of attack into the VM...
>
Yes, it's a good point.
I need some more time to think about it.
Sincerely yours,
Ivan
More information about the hotspot-dev
mailing list