[EXTERNAL] Re: New candidate JEP: 451: Prepare to Disallow the Dynamic Loading of Agents

Alex Buckley alex.buckley at oracle.com
Fri May 12 22:39:49 UTC 2023


Hi Bruno,

If I read about Azure Application Insights here:

 
https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview?tabs=java

then I see that:

   Integrated autoinstrumentation is available for Java Apps hosted on 
Azure App Service and Azure Functions.
   Autoinstrumentation is available for any environment by using Azure 
Monitor OpenTelemetry-based autoinstrumentation for Java applications.

The latter feature, OpenTelemetry-based autoinstrumentation, is 
described at:

 
https://learn.microsoft.com/en-us/azure/azure-monitor/app/opentelemetry-enable?tabs=java

and certainly relies on command line options:

   Java autoinstrumentation is enabled through configuration changes; no 
code changes are required.
   Point the JVM to the jar file by adding 
-javaagent:"path/to/applicationinsights-agent-3.4.12.jar" to your 
application's JVM args.

In addition, there is this page:

 
https://learn.microsoft.com/en-us/azure/azure-monitor/app/java-spring-boot

which also calls for setting -javaagent.

I suspect that the *integrated* autoinstrumentation for hosted Java 
apps, described at:

 
https://learn.microsoft.com/en-us/azure/azure-monitor/app/codeless-overview

is simply setting jdk.attach.allowAttachSelf and -javaagent behind the 
scenes.

Alex

On 5/12/2023 2:12 PM, Bruno Borges wrote:
> That's odd, Alex.
> 
> I can confirm that when I run this application, I do get the App 
> Insights agent enabled, and I get telemetry. I can confirm that the 
> jdk.attach.allowAttachSelf is 'null' when the application runs 
> (therefore, the setting is not being configured from anywhere in the 
> environment).
> 
> I am running with MS Build of OpenJDK, which I can confirm we have not 
> made any changes to this setting. Therefore, it is what OpenJDK vanilla has.
> ------------------------------------------------------------------------
> *From:* Alex Buckley <alex.buckley at oracle.com>
> *Sent:* May 12, 2023 1:43 PM
> *To:* Bruno Borges <Bruno.Borges at microsoft.com>
> *Cc:* jdk-dev at openjdk.org <jdk-dev at openjdk.org>
> *Subject:* Re: [EXTERNAL] Re: New candidate JEP: 451: Prepare to 
> Disallow the Dynamic Loading of Agents
> Hi Bruno,
> 
> On 5/12/2023 12:31 PM, Bruno Borges wrote:
>> I am using OpenJDK 17 and I am enabling the Azure Application Insights 
>> agent programmatically (see [1]).
> 
> Thank you for the explanation.
> 
>> The reason I like this approach is because I can manage the Java Agent 
>> as a regular Maven Dependency, and get alerts on updates (or, 
>> knock-on-wood, security updates).
>> 
>> As far as I recall 'jdk.attach.allowAttachSelf=true' is the case in JDK 
>> 11 and 17.
> 
> Per the JDK 9 release notes
> (https://www.oracle.com/java/technologies/javase/9-all-relnotes.html#JDK-8178380 <https://www.oracle.com/java/technologies/javase/9-all-relnotes.html#JDK-8178380>),
> self-attach is disallowed by default in 9+. The Azure infrastructure
> that's running your code on 17 must be setting the flag behind the
> scenes. In that case, I would expect the infrastructure to let you
> choose, in future, whether to allow dynamic agent loading, and to pass
> -XX:+Enable... behind the scenes too.
> 
> Alex
> 
>> ------------------------------------------------------------------------
>> *From:* Alex Buckley <alex.buckley at oracle.com>
>> *Sent:* May 12, 2023 12:18 PM
>> *To:* Bruno Borges <Bruno.Borges at microsoft.com>
>> *Cc:* jdk-dev at openjdk.org <jdk-dev at openjdk.org>
>> *Subject:* [EXTERNAL] Re: New candidate JEP: 451: Prepare to Disallow 
>> the Dynamic Loading of Agents
>> Bruno,
>> 
>> Am I right to assume that these cases involve applications running on
>> Java 8? If they were on 9+, the developers would already have had to run
>> with `-Djdk.attach.allowAttachSelf=true` to let the app load the agent
>> into the local JVM.
>> 
>> I sense that you're describing an 8 environment for two reasons:
>> 
>> 1. Because command line options were relatively rare in that
>> environment, and mostly concerned JVM tuning when they did appear. But
>> in the 9+ environment, it's relatively common to use command line
>> options (esp. --add-opens) because some library four levels down in the
>> app demands to use private methods in java.lang.
>> 
>> 2. Because you rightly look "forward" to jlink to see if it can smooth
>> the 8->11 / 8->17 / 8->21 migration, by having the image automatically
>> enable agents without any app developer learning new flags.
>> 
>> Apologies if I've misinterpreted your use cases, but I really want to
>> understand the reticence around more-command-line-options.
>> 
>> Alex
>> 
>> On 5/11/2023 2:55 PM, Bruno Borges wrote:
>>> Ron,
>>> 
>>> In the cases I've seen, it is the application that is loading the agent 
>>> programmatically, first thing they do in their static_void_main method.
>>> 
>>> This has some benefits like allowing the application to depend on an 
>>> agent as they do with any other library, through a dependency management 
>>> tool (Maven/Gradle), and having more easily version upgrading mechanisms.
>>> 
>>> The -javaagent deployment model is not an option to this, nor is the 
>>> flag to enable the programmatically approach, as it requires the 
>>> application *developer* to tune JVM flags to do so.
>>> 
>>> Only possible solution I thought about was to give jlink a flag that 
>>> would enable the feature. I wonder if this has been considered.
>>> 
>>> Sent from mobile device.
>>> ------------------------------------------------------------------------
>>> *From:* jdk-dev <jdk-dev-retn at openjdk.org> on behalf of Ron Pressler 
>>> <ron.pressler at oracle.com>
>>> *Sent:* Thursday, May 11, 2023 11:37:56 AM
>>> *To:* Jack Shirazi <jacks at fasterj.com>
>>> *Cc:* jdk-dev at openjdk.org <jdk-dev at openjdk.org>
>>> *Subject:* [EXTERNAL] Re: New candidate JEP: 451: Prepare to Disallow 
>>> the Dynamic Loading of Agents
>>> The general policy in effect since JEP 261 [1] was delivered in JDK 17 
>>> (and included the dynamic agents change) is that the application and not 
>>> libraries gets to decide what encapsulation-bypassing mechanisms are 
>>> allowed. In the case of agents, JEP 451 states:
>>> 
>>>> To ensure that the owner of an application approved the use of agents, JDK 5 required agents to be specified on the command line with the -javaagent or -agentlib options, and loaded the agents immediately at startup. This represented an explicit grant of  privileges by the application owner.
>>> 
>>> This is in line with the policy; letting libraries decide that they want 
>>> to deploy an encapsulation-bypassing agent without the applications 
>>> explicit consent is not. The full motivation behind the policy, and what 
>>> integrity (not to be confused with security) means, is explained in this 
>>> information JEP draft: 
>>> https://openjdk.org/jeps/8305968 <https://openjdk.org/jeps/8305968> <https://openjdk.org/jeps/8305968 <https://openjdk.org/jeps/8305968>> <https://openjdk.org/jeps/8305968 <https://urldefense.com/v3/__https://nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Fopenjdk.org*2Fjeps*2F8305968&data=05*7C01*7CBruno.Borges*40microsoft.com*7C2f508f0907a747f2beea08db53297d25*7C72f988bf86f141af91ab2d7cd011db47*7C1*7C0*7C638195209886851539*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=89gZN5iOEQseAXIfUql56cHPjMn8zqaSCjdcrzQOUpw*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUl!!ACWV5N9M2RV99hQ!NmKUcn5ouOKm0ZRYzSvO17QnrZ5ljQWVSZcDePndPoibw_7uDvWAUiKRqXL1FZWbdeiTBcOieCnOnSOLvTvqCIgWIt60$> <https://openjdk.org/jeps/8305968 <https://openjdk.org/jeps/8305968>>>
>>> 
>>> [1]: 
>>> https://openjdk.org/jeps/261 <https://openjdk.org/jeps/261> <https://openjdk.org/jeps/261 <https://openjdk.org/jeps/261>> <https://openjdk.org/jeps/261 <https://urldefense.com/v3/__https://nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Fopenjdk.org*2Fjeps*2F261&data=05*7C01*7CBruno.Borges*40microsoft.com*7C2f508f0907a747f2beea08db53297d25*7C72f988bf86f141af91ab2d7cd011db47*7C1*7C0*7C638195209886851539*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=QuqJW1*2FrIcs547KzXzzwmGtLB0wfn08VFtn60tSsXfc*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!ACWV5N9M2RV99hQ!NmKUcn5ouOKm0ZRYzSvO17QnrZ5ljQWVSZcDePndPoibw_7uDvWAUiKRqXL1FZWbdeiTBcOieCnOnSOLvTvqCO3wan70$> <https://openjdk.org/jeps/261 <https://openjdk.org/jeps/261>>>
>>> 
>>>> On 11 May 2023, at 11:11, Jack Shirazi <jacks at fasterj.com> wrote:
>>>> 
>>>> This proposes to deprecate one mechanism for agent loading, but the ability to run an agent in the JVM is unchanged. This means that if disallowed in future, there will still be absolutely no change in "the balance between serviceability, which involves ad-hoc  changes to running code, and integrity, which assumes that
>> running
>>> code is not arbitrarily changed". Applying the deprecation will still 
>>> leave the exact same ability for arbitrary changes to the code.
>>>> 
>>>> For libraries that may use this mechanism, I checked the https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java> <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java>> <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java <https://urldefense.com/v3/__https://nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Fcve.mitre.org*2Fcgi-bin*2Fcvekey.cgi*3Fkeyword*3Djava&data=05*7C01*7CBruno.Borges*40microsoft.com*7C2f508f0907a747f2beea08db53297d25*7C72f988bf86f141af91ab2d7cd011db47*7C1*7C0*7C638195209887007838*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=tFg523WVNJJ1e1iQAHYOzSntwQJjBZE0bPXyfbGxzNg*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSU!!ACWV5N9M2RV99hQ!NmKUcn5ouOKm0ZRYzSvO17QnrZ5ljQWVSZcDePndPoibw_7uDvWAUiKRqXL1FZWbdeiTBcOieCnOnSOLvTvqCFrxkMFK$> <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=java>>> CVEs for the last five years and can't find any recorded abuse of it. I find it hard to believe that developers wouldn't know that their dependencies use this, if they do.
>>>> 
>>>> Ultimately, integrity may be preferred, but there is a balance. For example we are not proposing to remove java agent capability, reflection, dynamic class loading, etc, all of which in one way or another violate integrity, because these are features which  make the JVM hugely successful.
>>>> 
>>>> I don't see the benefit here. What future improvement would happen if the deprecation is subsequently applied?
>>>> 
>>>> On 08/05/2023 20:17, Mark Reinhold wrote:
>>>>> https://openjdk.org/jeps/451 <https://openjdk.org/jeps/451> <https://openjdk.org/jeps/451 <https://openjdk.org/jeps/451>> <https://openjdk.org/jeps/451 <https://urldefense.com/v3/__https://nam06.safelinks.protection.outlook.com/?url=https*3A*2F*2Fopenjdk.org*2Fjeps*2F451&data=05*7C01*7CBruno.Borges*40microsoft.com*7C2f508f0907a747f2beea08db53297d25*7C72f988bf86f141af91ab2d7cd011db47*7C1*7C0*7C638195209887007838*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=RINCIv278SarKlKGQWZ9wn7mJRVVYpE4UIjU*2FqW9RIE*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!ACWV5N9M2RV99hQ!NmKUcn5ouOKm0ZRYzSvO17QnrZ5ljQWVSZcDePndPoibw_7uDvWAUiKRqXL1FZWbdeiTBcOieCnOnSOLvTvqCL5KcXQx$> <https://openjdk.org/jeps/451 <https://openjdk.org/jeps/451>>>
>>>>> 
>>>>>   Summary: Issue warnings when agents are loaded dynamically into a
>>>>>   running JVM. These warnings aim to prepare users for a future release
>>>>>   which disallows the dynamic loading of agents by default in order to
>>>>>   improve integrity by default. Serviceability tools that load agents at
>>>>>   startup will not cause warnings to be issued in any release.
>>>>> 
>>>>> - Mark
>>> 


More information about the jdk-dev mailing list