Disallowing the dynamic loading of agents by default
Alan Bateman
Alan.Bateman at oracle.com
Mon Apr 3 16:32:22 UTC 2017
On 03/04/2017 17:28, Reto Merz wrote:
> It was already suggested in another thread by Gregg Wonderly:
> Why not introduce a new method
> java.lang.SecurityManager#checkAttachAgent(x)?
> So the implementation can accept/reject an "attach agent request"
> dynamically at runtime.
> x could be some additional infos provided by the agent (eg: certificate).
The issue here is nothing to do with the security manager, assume no
security manager in the picture.
Also, FWIW, VirtualMachine.attach has always specified a security
manager for the (probably rare) cases where a tool is run with a
security manager.
-Alan
More information about the jigsaw-dev
mailing list