RFR: 8332786: When dumping static CDS archives, explicitly assert that we don't use a CDS archive
Ioi Lam
iklam at openjdk.org
Wed Jun 19 04:35:11 UTC 2024
On Thu, 23 May 2024 08:43:10 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
> Currently, we don't use a CDS archive when dumping the static archive. And that is fine.
>
> It has security implications: if a customer re-generates the dump with `-Xshare:dump`, the content of the dump should depend on only the runtime parts of the JVM, resp. only on those parts that had been built on the build host. It should not depend on an archive that may or may not have been produced after the build and that may be tainted.
>
> This just reduces the attack surface for possible supply chain attacks.
>
> Since we already do this, I'd only like to add explicit asserts to ensure that we continue to do this.
LGTM
-------------
Marked as reviewed by iklam (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/19359#pullrequestreview-2126978616
More information about the hotspot-runtime-dev
mailing list