Re: Proposal: Post debug Java code to target JVM and exec it

[Yi Yang]

> how would you safeguard such a facility?
It connects target VM via unix domain socket, they are all in local machine, no safeguard is needed because we even have "kill -9 <pid>" or "gcore -o x <pid>"
 < >
------------------------------------------------------------------
From:David Holmes <david.holmes at oracle.com>
Send Time:2023 Jul. 13 (Thu.) 20:34
To:"YANG, Yi" <qingfeng.yy at alibaba-inc.com>; jdk-dev <jdk-dev at openjdk.org>
Subject:Re: Proposal: Post debug Java code to target JVM and exec it
On 13/07/2023 8:57 pm, Yi Yang wrote:
> Proposal: Post debug Java code to target JVM and exec it
> 
> Hello, I have an early idea to post a piece of Java code to a local JVM 
> process via jcmd or jexec, like this:
> 
> jcmd VM.exec Debug.java
> jexec Debug.java
> 
> class Debug {
> public static void main(){
> ApplicationProperties c = loadClass("ApplicationProperties");
> // print static field of running Java program
> System.out.println(ApplicationProperties.field1);
> // call static method of running Java program
> ApplicationProperties.printAll();
> // ....
> }
> }
> 
> With this approach, we can do some useful things, such as:
> - Get some runtime data of the program
> - Troubleshoot Java problems
> - In rare cases, it can also assist in JVM problem diagnosis
> 
> To protect the attach listener, we may need to create a new ExecThread 
> at JVM startup and execute Debug::main in this thread. Do you have any 
> comments on this idea?
So basically you want the ability to ask a running JVM to execute an 
arbitrary piece of java code. That may have some uses but in general 
seems incredibly dangerous - how would you safeguard such a facility?
Cheers,
David
> Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/jdk-dev/attachments/20230717/ad6837e4/attachment-0001.htm>