New candidate JEP: 451: Prepare to Disallow the Dynamic Loading of Agents

Jack Shirazi jacks at fasterj.com
Thu May 11 15:11:20 UTC 2023


This proposes to deprecate one mechanism for agent loading, but the 
ability to run an agent in the JVM is unchanged. This means that if 
disallowed in future, there will still be absolutely no change in "the 
balance between serviceability, which involves ad-hoc changes to running 
code, and integrity, which assumes that running code is not arbitrarily 
changed". Applying the deprecation will still leave the exact same 
ability for arbitrary changes to the code.

For libraries that may use this mechanism, I checked the 
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java CVEs for the last 
five years and can't find any recorded abuse of it. I find it hard to 
believe that developers wouldn't know that their dependencies use this, 
if they do.

Ultimately, integrity may be preferred, but there is a balance. For 
example, we are not proposing to remove Java agent capability, 
reflection, dynamic class loading, etc., all of which in one way or 
another violate integrity, because these are features which make the JVM 
hugely successful.

I don't see the benefit here. What future improvement would happen if 
the deprecation is subsequently applied?

On 08/05/2023 20:17, Mark Reinhold wrote:
> https://openjdk.org/jeps/451
>
>    Summary: Issue warnings when agents are loaded dynamically into a
>    running JVM. These warnings aim to prepare users for a future release
>    which disallows the dynamic loading of agents by default in order to
>    improve integrity by default. Serviceability tools that load agents at
>    startup will not cause warnings to be issued in any release.
>
> - Mark

