Hermetic Java (static image packaging/formatting) investigation and proposal

Jiangli Zhou jianglizhou at google.com
Tue Feb 14 23:53:42 UTC 2023 

On Tue, Feb 14, 2023 at 1:37 AM Florian Weimer <fweimer at redhat.com> wrote:

> * Jiangli Zhou:
>
> > We also considered startup-time/install-time extraction. Based on the
> > feedback from other language usages in real production, extraction has
> > real production challenges in many cases, including (tmpfs) file
> > system configuration/management issues, possible security
> > vulnerabilities, temp space pollution, extraction conflicts, and
> > etc. (thanks to the feedback from other language experts from their
> > experiences!). Those make the extraction approach unattractive.
>
> I thought that OpenJDK has its own DSO-from-JAR extractor?
>

Do you have a pointer to the feature?


>
> There's memfd_create, which is currently an un-auditable trapdoor to the
> world of self-modifying code (although I expect that will be closed off
> eventually).  It works even if /tmp, /dev/shm, etc. are all mounted
> noexec.
>
> Experimenting with it suggests that GDB doesn't rely on link map data
> exclusively.  It gets somewhat confused and doesn't read the symbols:
>
> (gdb) info shared
> From                To                  Syms Read   Shared Object Library
> 0x00007f00a83a1700  0x00007f00a84f519d  Yes         /lib64/libc.so.6
> 0x00007f00a85720a0  0x00007f00a85980e5  Yes
>  /lib64/ld-linux-x86-64.so.2
>                                         No          /proc/589166/fd/3
>
> This should work, but it does not. 8-(  Even the non-debugging
> ELF symbols are missing.
>
> The dlmem implementation posted to libc-alpha probably has even more
> problems.  I'm no longer convinced that the public link map (reachable
> via _r_debug) has sufficient information for debuggers.
>
> But if we could fix these issues, the memfd_create approach could be a
> viable replacement for extracting DSOs from JAR files (to turn this
> slightly more on-topic).
>

AFAIK, there were some investigations/experiments done by others in Google
on memfd_create for supporting file embedded DSOs (not Java specific). The
concerns from the tooling side (about file offsets) still seem to be
applicable with this approach.

Best,
Jiangli


>
> Thanks,
> Florian
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/leyden-dev/attachments/20230214/f7db2c11/attachment.htm>

More information about the leyden-dev mailing list