New candidate JEP: 451: Prepare to Disallow the Dynamic Loading of Agents

Fri May 12 13:44:25 UTC 2023

> On 12 May 2023, at 05:26, Jack Shirazi <jacks at fasterj.com> wrote:
> 
> Thank  you for your reply. This makes it clear that the JEP has a single specific tradeoff. So we have two capabilities at issue here
> 
> A) Currently libraries can turn themselves into agents
> 
> B) Currently agents can remotely attach
> 
> The JEP has decided for the community that each of these are a bad thing and should be disabled by default (though enableable by setting an option).

No, the JEP says:

"To assure integrity, we need stronger measures to prevent the misuse by libraries of dynamically loaded agents. Unfortunately, we have not found a simple and automatic way to distinguish between a serviceability tool that dynamically loads an agent and a library that dynamically loads an agent.”

The only problem is libraries, but because there’s no simple way to distinguish between the two, and because dynamically loaded agents are not needed in most serviceability uses, disabling them by default is reasonable. BTW, this was already decided in 2017 in JEP 261: https://openjdk.org/jeps/261

As the JEP also says, in the future we may be able to distinguish between tools and libraries via a more complex mechanism that could allow tools to load agents dynamically without the flag.

> My involvement in community discussions over the years has been that no one complains about (A), it has not been used maliciously, and there is a small niche who use it. (B) is used quite a lot and enhances JVM serviceability with a capability that is a clear advantage over other runtimes. It seems a shame to eliminate that competitive advantage.

Malicious use is not a concern *at all*. What this JEP addresses is integrity by default. See https://openjdk.org/jeps/8305968

> 
> The JEP clearly points out that anyone concerned by these can disable the ability with a simple command-line option, so there is a simple solution for this minority.

Integrity must be opt out, and cannot be opt in, and so opting in is not a solution that will give us integrity *by default*. See https://openjdk.org/jeps/8305968#Strong-Encapsulation-by-Default

> The fundamental error is really that the attaching agent is read-write rather than read-only. If we could change that, it would be ideal, but sadly I don't think that's easily doable.

Perhaps, but most uses of dynamically loaded agents (and nearly all uses of dynamically loaded *Java* agents) are for “write.” The most common use-case for “read-only” is dynamically attached advanced profilers that use JVM TI. The solution there, as the JEP says, is not to separate agent capabilities but to improve JFR’s capabilities — which do not require an agent at all — and JFR can obtain profiles far more efficiently than anything JVM TI could ever hope to achieve.

> 
> I and many in the monitoring community believe this JEP is NOT an enhancement to the JDK. The proposers believe it is. Is there a mechanism other than this email discussion list to gain wider community feedback so we can ascertain if there is really a strong community preference either way?
> 

The only information of relevance would be reports showing that dynamically loading agents are a commonly-needed functionality and that adding a command-line option to allow it is onerous.

— Ron