Disallowing the dynamic loading of agents by default (revised)

Alan Bateman Alan.Bateman at oracle.com
Thu Apr 6 07:56:34 UTC 2017

On 05/04/2017 17:55, David M. Lloyd wrote:

> This is just plain weird from a security perspective, to say that 
> unrelated processes have more privilege to control the current process 
> than processes that are closely related.
> Anyway this is yet another case where arbitrary artificial hurdles are 
> put in place for the purpose of human behavior modification. Such 
> hurdles can always be bypassed, generally resulting in even uglier 
> situations that the one you're trying to avoid.  In this case I can 
> just fire a child process and then attach to it from the parent.  Or 
> fire off two sibling processes and have one attach to the other.  
> Nothing is being saved here.
This thread/proposal is concerned with libraries using APIs intended for 
tools to do brain surgery in the current VM. Launching VMs and attaching 
to those VMs isn't a concern, no issue with sibling VMs attaching to 
each other either either.


More information about the jigsaw-dev mailing list