RFR (S): 8202650: Enforce group for attach listener file
Chris Plummer
chris.plummer at oracle.com
Tue May 8 20:46:09 UTC 2018
Hi Christoph,
It passed all my testing.
thanks,
Chris
On 5/8/18 5:25 AM, Langer, Christoph wrote:
> Hi Chris,
>
> thanks for reviewing and offering to test, I appreciate that. As Thomas has reviewed it as well, could you please conduct your testing? I ran it through our local testing and jdk-submit, no regressions observed.
>
> Thanks & Best regards
> Christoph
>
>> -----Original Message-----
>> From: Chris Plummer [mailto:chris.plummer at oracle.com]
>> Sent: Montag, 7. Mai 2018 20:30
>> To: Langer, Christoph <christoph.langer at sap.com>; serviceability-
>> dev at openjdk.java.net
>> Cc: ppc-aix-port-dev at openjdk.java.net; Martin Buchholz
>> <martinrb at google.com>
>> Subject: Re: RFR (S): 8202650: Enforce group for attach listener file
>>
>> Hi Christoph,
>>
>> The changes look fine. There are some closed aod tests that should be
>> run. I can do this for you once the review is done.
>>
>> thank,s
>>
>> Chris
>>
>> On 5/6/18 12:23 PM, Langer, Christoph wrote:
>>> Hi,
>>>
>>> with that information and Martins links to the specs, I suggest to add the
>> patch to linux as well. I played with the sgid functionality on Linux and it is the
>> same as on AIX. So, if somebody configured the directory where the attach
>> listener file is created with sgid, the file will belong to the wrong group.
>>> See my new webrev:
>> http://cr.openjdk.java.net/~clanger/webrevs/8202650.1/
>>> Thanks
>>> Christoph
>>>
>>>> -----Original Message-----
>>>> From: Chris Plummer [mailto:chris.plummer at oracle.com]
>>>> Sent: Freitag, 4. Mai 2018 23:34
>>>> To: Langer, Christoph <christoph.langer at sap.com>; serviceability-
>>>> dev at openjdk.java.net
>>>> Cc: ppc-aix-port-dev at openjdk.java.net
>>>> Subject: Re: RFR (S): 8202650: Enforce group for attach listener file
>>>>
>>>> Hi Christoph,
>>>>
>>>> It looks like for bsd this code was added to fix JDK-7152800. In that CR
>>>> I see the following:
>>>>
>>>> "The attach framework will verify that the file has the same effective
>>>> owner and group as the currently running process. This will be true on
>>>> linux, since files are created with the effective user and group as
>>>> owner. This will NOT be true always on macos, since the file can have a
>>>> different group if the temporary directory has a different group than
>>>> what we are currently running as."
>>>>
>>>> So it looks like the fix is not necessary for Linux. It wouldn't hurt to
>>>> experiment by setting the s-bit on the directory and see if you have the
>>>> same problem as macos and AIX.
>>>>
>>>> thanks,
>>>>
>>>> Chris
>>>>
>>>> On 5/4/18 7:29 AM, Langer, Christoph wrote:
>>>>> Hi,
>>>>>
>>>>> please review a change for correctly setting the group for the attach
>>>>> listener file:
>>>>>
>>>>> Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8202650.0/
>>>>> <http://cr.openjdk.java.net/%7Eclanger/webrevs/8202650.0/>
>>>>>
>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8202650
>>>>> <https://bugs.openjdk.java.net/browse/JDK-8202650>
>>>>>
>>>>> The attach listener file, usually /tmp/.java_pid<pid> is created from
>>>>> the hotspot JVM process. Usually it will belong to the process user
>>>>> and group. However, when the directory where it is created has set the
>>>>> s-bit for groups, the group of the directory is taken. This will cause
>>>>> errors when the attach client tries to connect and it is checked
>>>>> whether the group of the attach file matches the client processes'
>> group.
>>>>> In my webrev I only implemented the change for AIX because we have
>> run
>>>>> into an issue on that platform. But I can see this code already in
>>>>> place for attachListener_bsd.cpp. And I’m wondering if this should
>>>>> also be added to attachListener_linux.cpp because the sticky-bit could
>>>>> be set with the same effects on Linux, too. Any opinions about that?
>>>>>
>>>>> Thanks and best regards
>>>>>
>>>>> Christoph
>>>>>
More information about the ppc-aix-port-dev
mailing list