[External] : Re: JEP draft: Disallow the Dynamic Loading of Agents by Default
Alan Bateman
Alan.Bateman at oracle.com
Mon May 1 18:22:07 UTC 2023
On 30/04/2023 23:24, Ron Pressler wrote:
> Hi Mike!
>
>> On 30 Apr 2023, at 19:59, Mike Hearn <mike at plan99.net> wrote:
>>
>>> we’ve begun to explore means other than the flag to allow a tool to
>>> load an agent at runtime
>>
>> How about restricting access to the jcmd socket. For in-VM code it can
>> be blocked at the filesystem implementation level, and for
>> sub-processes by using the operating system APIs to determine if the
>> other side of the socket is part of the same process tree at connect
>> time. This would avoid the need for new UI to re-enable existing jcmd
>> functionality, whilst preventing code loaded into the VM from
>> connecting back to that same VM. Only truly external tools could
>> trigger agent loading, or modules that had been given permission to do
>> that.
>>
>
> Determining the process on the other side and/or maintaining the
> integrity of the process tree is not easy on all OSes.
>
Right, it's feasible to get the peer pid on some platforms but you can't
rely on the process tree due to re-parenting when a parent terminates.
-Alan
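
The two points in this reply, shown as an added example (not code from the thread or from the JDK): on Linux, `SO_PEERCRED` reports the peer pid of a connected AF_UNIX socket, while a process whose parent has exited is re-parented, so its recorded parent no longer describes the tree it was started in. The function names `peer_pid` and `ppid_after_parent_exit` are hypothetical, and the code assumes Linux.

```c
#define _GNU_SOURCE /* struct ucred and SO_PEERCRED are Linux-specific */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* PID recorded for the peer of a connected AF_UNIX socket, or -1 on error. */
pid_t peer_pid(int fd) {
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0) return -1;
    return cred.pid;
}

/* Builds caller -> child -> grandchild, lets the child exit, and returns the
 * grandchild's getppid() afterwards (-1 on error). *child_out receives the pid
 * that was the grandchild's parent when it was created. */
pid_t ppid_after_parent_exit(pid_t *child_out) {
    int report[2], gate[2];
    pid_t now = -1;
    char c;
    if (pipe(report) != 0 || pipe(gate) != 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        if (fork() == 0) {                          /* grandchild */
            close(gate[1]);
            if (read(gate[0], &c, 1) < 0) _exit(1); /* EOF once released below */
            now = getppid();
            if (write(report[1], &now, sizeof now) < 0) _exit(1);
        }
        _exit(0);                                   /* child exits immediately */
    }
    close(report[1]); close(gate[0]);
    waitpid(child, NULL, 0);                        /* child has exited */
    close(gate[1]);                                 /* release the grandchild */
    if (read(report[0], &now, sizeof now) != (ssize_t)sizeof now) now = -1;
    *child_out = child;
    return now;
}

int main(void) {
    int sv[2];
    pid_t child = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    printf("peer pid %d (self %d)\n", (int)peer_pid(sv[0]), (int)getpid());
    pid_t now = ppid_after_parent_exit(&child);
    printf("grandchild parent: was %d, now %d\n", (int)child, (int)now);
    return 0;
}
```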