RFR: 7152800: All tests using the attach API fail with "well-known file is not secure" on Mac OS X
Staffan Larsen
staffan.larsen at oracle.com
Tue Mar 20 03:27:32 PDT 2012
I couldn't make it work on OSX. But this means that we should probably chown the file explicitly on linux as well to make sure it gets the right permissions in the case where the directory has the setgid bit set.
Thanks,
/Staffan
On 19 mar 2012, at 20:38, Dean Long wrote:
> On linux, you can control this behavior with the setgid mode bit on the parent directory. Does that also work on OSX?
>
> dl
>
> On 3/19/2012 6:03 AM, Staffan Larsen wrote:
>> Please review the following fix:
>>
>> Webrev: http://cr.openjdk.java.net/~sla/7152800/webrev.00/ <http://cr.openjdk.java.net/%7Esla/7152800/webrev.00/>
>> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7152800
>>
>> We sometimes get an error say "well-known file is not secure" when running attach-tests on mac osx. The reason is a difference in how files are created between linux and mac osx (and that the mac code in HotSpot originates from the linux code):
>>
>> * On linux, the default group owner of a newly created file will be user's effective group (id -g).
>>
>> * On macos, the default group owner of a newly created file will be group owner of the directory the file is in.
>>
>> The attach framework will verify that the file has the same effective owner and group as the currently running process. This will be true on linux, since files are created with the effective user and group as owner. This will NOT be true always on macos, since the file can have a different group if the temporary directory has a different group than what we are currently running as.
>>
>> The fix on macos is to change the group ownership of the well-known file to the effective group when the file is created.
>>
>> The fix has been verified by manually changing the effective group of the launching user.
>>
>> Thanks,
>> /Staffan
More information about the hotspot-runtime-dev
mailing list