Potential sensitive information leak through JVM crash logs
Alexandr Miloslavskiy
alexandr.miloslavskiy at syntevo.com
Sat Jan 14 10:44:36 UTC 2023
Hi,
> A simple way to deal with this could be to mark error reporting steps
> that potentially display security-sensitive information. See VM::report,
> STEP macro.
>
> These steps could print a little prefix/suffix for strippers to do their
> work.
Unfortunately this won't help, because we don't want to strip entire
sections that might contain sensitive information.
For debugging purposes, the contents of registers and stack values are
quite important. At the same time, we consider these values unlikely to
disclose any sensitive information.
For example, this is what we received before objects started to print:
----
RIP=0x00007ff96c395f8c jvm.dll
RAX=0x0000000400000003 is an unknown value
RBX=0x000000001c623290 points into unknown readable memory: 48 66 dc 1b
00 00 00 00
RCX=0x0000000000000004 is an unknown value
----
In numerous cases, these values helped me to bucket and debug problems.
The problem for us is that it now prints not just numbers, but also
entire objects, which are much more likely to contain sensitive information.
The objects are of course also useful in debugging, just they are too
sensitive.
More information about the hotspot-dev
mailing list