RFR: 8332786: When dumping static CDS archives, explicitly assert that we don't use a CDS archive
Thomas Stuefe
stuefe at openjdk.org
Thu Jul 4 05:47:26 UTC 2024
On Wed, 19 Jun 2024 04:32:56 GMT, Ioi Lam <iklam at openjdk.org> wrote:
>> Currently, we don't use a CDS archive when dumping the static archive. And that is fine.
>>
>> It has security implications: if a customer re-generates the dump with `-Xshare:dump`, the content of the dump should depend on only the runtime parts of the JVM, resp. only on those parts that had been built on the build host. It should not depend on an archive that may or may not have been produced after the build and that may be tainted.
>>
>> This just reduces the attack surface for possible supply chain attacks.
>>
>> Since we already do this, I'd only like to add explicit asserts to ensure that we continue to do this.
>
> LGTM
Thanks @iklam @dholmes-ora
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19359#issuecomment-2208159754
More information about the hotspot-runtime-dev
mailing list