[rfc] hs_err log in temp readable for all

Dmitry Samersoff dmitry.samersoff at oracle.com
Wed May 21 20:02:17 UTC 2014


Jiri,

There are plenty of tools that rely on the presence of the hs_err* file to
monitor a Java app, etc.

Readability of the hs_err file is also important because, typically,
monitoring software does not run under the same user as the main Java app.

It is probably better to keep the hs_err file "group readable" only, but
the compatibility impact of such a decision should be carefully evaluated.

If a world-readable hs_err file is not acceptable for your system, you can
change the umask to have restricted permissions.

e.g.:

> umask 0555
...
> kill -BUS <java_process_pid>

---------- 1 dms dms    26419 May 21 23:52 hs_err_pid15822.log

-Dmitry

On 2014-05-19 17:21, Jiri Vanek wrote:
> Hi!
> 
> I run a JVM in a read-only directory on a shared server and from time to
> time it fails. However, I noted that the hs_logs, which then go to the TMP
> directory, are readable to all.
> It may contain private information, and I think that this file should
> be readable only to its owner.
>
> Attached webrevs fix it:
> for all hs_err logs -
> http://jvanek.fedorapeople.org/oracle/jdk9/stricter_permissions/minimal/1/webrev/
> 
> for hs_log in tmp only -
> http://jvanek.fedorapeople.org/oracle/jdk9/stricter_permissions/better/1/webrev/
> 
> 
> If I am to be even more paranoid, then I think that the hs_err{pid} name is
> predictable, and can point to a pre-created pipe. Maybe this 0600 file
> should be placed in a 0700 directory with salt in the name. Or add the salt
> to the file itself (when created in tmp)
> 
> I will be happy to adapt the patch for your needs.
> 
>  Best regards,
>   J.


-- 
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the sources.
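
Added example, not part of the thread and not HotSpot code: one way to create a crash log in a temp directory so that it is owner-only regardless of umask and is never written through a pre-created FIFO or symlink, the two concerns raised in the quoted message. The names open_private_log and demo_create and the /tmp/hs_err_demo.XXXXXX template are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not HotSpot code): create `path` as a new 0600 regular
 * file. Returns an fd, or -1 if the name already exists in any form. */
int open_private_log(const char *path) {
    /* O_CREAT|O_EXCL fails with EEXIST on an existing file, symlink or FIFO,
     * so a pre-created object is never opened or followed. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;
    /* fchmod pins the mode to exactly 0600 whatever the process umask is. */
    if (fchmod(fd, 0600) != 0 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo: mode bits of the log created under umask `mask`, -1 if creation was
 * refused, -2 on setup failure. With precreate_fifo set, a FIFO already sits
 * at the log name before the log is created. */
int demo_create(mode_t mask, int precreate_fifo) {
    char dir[64], path[128];
    struct stat st;
    snprintf(dir, sizeof dir, "/tmp/hs_err_demo.XXXXXX");
    if (mkdtemp(dir) == NULL) return -2;      /* 0700 directory, random suffix */
    snprintf(path, sizeof path, "%s/hs_err_pid%ld.log", dir, (long)getpid());
    if (precreate_fifo && mkfifo(path, 0666) != 0) return -2;
    mode_t old = umask(mask);
    int fd = open_private_log(path);
    umask(old);
    int mode = (fd >= 0 && fstat(fd, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void) {
    printf("mode under umask 0555: %o\n", (unsigned)demo_create(0555, 0));
    printf("pre-created FIFO result: %d\n", demo_create(0022, 1));
    return 0;
}
```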

