Disallowing the dynamic loading of agents by default

Alan Bateman Alan.Bateman at oracle.com
Mon Apr 3 16:32:22 UTC 2017

On 03/04/2017 17:28, Reto Merz wrote:

> It was already suggested in another thread by Gregg Wonderly:
> Why not introduce a new method 
> java.lang.SecurityManager#checkAttachAgent(x)?
> So the implementation can accept/reject an "attach agent request" 
> dynamically at runtime.
> x could be some additional infos provided by the agent (eg: certificate).
The issue here is nothing to do with the security manager, assume no 
security manager in the picture.

Also, FWIW, VirtualMachine.attach has always specified a security 
manager for the (probably rare) cases where a tool is run with a 
security manager.


More information about the jigsaw-dev mailing list