RFR (S): 8202650: Enforce group for attach listener file
Langer, Christoph
christoph.langer at sap.com
Wed May 9 06:42:22 UTC 2018
Thanks, Chris. I'll push it then.
-Christoph
> -----Original Message-----
> From: Chris Plummer [mailto:chris.plummer at oracle.com]
> Sent: Dienstag, 8. Mai 2018 22:46
> To: Langer, Christoph <christoph.langer at sap.com>; serviceability-
> dev at openjdk.java.net
> Cc: ppc-aix-port-dev at openjdk.java.net; Martin Buchholz
> <martinrb at google.com>; Thomas Stüfe <thomas.stuefe at gmail.com>
> Subject: Re: RFR (S): 8202650: Enforce group for attach listener file
>
> Hi Christoph,
>
> It passed all my testing.
>
> thanks,
>
> Chris
>
> On 5/8/18 5:25 AM, Langer, Christoph wrote:
> > Hi Chris,
> >
> > thanks for reviewing and offering to test, I appreciate that. As Thomas has
> reviewed it as well, could you please conduct your testing? I ran it through
> our local testing and jdk-submit, no regressions observed.
> >
> > Thanks & Best regards
> > Christoph
> >
> >> -----Original Message-----
> >> From: Chris Plummer [mailto:chris.plummer at oracle.com]
> >> Sent: Montag, 7. Mai 2018 20:30
> >> To: Langer, Christoph <christoph.langer at sap.com>; serviceability-
> >> dev at openjdk.java.net
> >> Cc: ppc-aix-port-dev at openjdk.java.net; Martin Buchholz
> >> <martinrb at google.com>
> >> Subject: Re: RFR (S): 8202650: Enforce group for attach listener file
> >>
> >> Hi Christoph,
> >>
> >> The changes look fine. There are some closed aod tests that should be
> >> run. I can do this for you once the review is done.
> >>
> >> thank,s
> >>
> >> Chris
> >>
> >> On 5/6/18 12:23 PM, Langer, Christoph wrote:
> >>> Hi,
> >>>
> >>> with that information and Martins links to the specs, I suggest to add the
> >> patch to linux as well. I played with the sgid functionality on Linux and it is
> the
> >> same as on AIX. So, if somebody configured the directory where the
> attach
> >> listener file is created with sgid, the file will belong to the wrong group.
> >>> See my new webrev:
> >> http://cr.openjdk.java.net/~clanger/webrevs/8202650.1/
> >>> Thanks
> >>> Christoph
> >>>
> >>>> -----Original Message-----
> >>>> From: Chris Plummer [mailto:chris.plummer at oracle.com]
> >>>> Sent: Freitag, 4. Mai 2018 23:34
> >>>> To: Langer, Christoph <christoph.langer at sap.com>; serviceability-
> >>>> dev at openjdk.java.net
> >>>> Cc: ppc-aix-port-dev at openjdk.java.net
> >>>> Subject: Re: RFR (S): 8202650: Enforce group for attach listener file
> >>>>
> >>>> Hi Christoph,
> >>>>
> >>>> It looks like for bsd this code was added to fix JDK-7152800. In that CR
> >>>> I see the following:
> >>>>
> >>>> "The attach framework will verify that the file has the same effective
> >>>> owner and group as the currently running process. This will be true on
> >>>> linux, since files are created with the effective user and group as
> >>>> owner. This will NOT be true always on macos, since the file can have a
> >>>> different group if the temporary directory has a different group than
> >>>> what we are currently running as."
> >>>>
> >>>> So it looks like the fix is not necessary for Linux. It wouldn't hurt to
> >>>> experiment by setting the s-bit on the directory and see if you have the
> >>>> same problem as macos and AIX.
> >>>>
> >>>> thanks,
> >>>>
> >>>> Chris
> >>>>
> >>>> On 5/4/18 7:29 AM, Langer, Christoph wrote:
> >>>>> Hi,
> >>>>>
> >>>>> please review a change for correctly setting the group for the attach
> >>>>> listener file:
> >>>>>
> >>>>> Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8202650.0/
> >>>>> <http://cr.openjdk.java.net/%7Eclanger/webrevs/8202650.0/>
> >>>>>
> >>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8202650
> >>>>> <https://bugs.openjdk.java.net/browse/JDK-8202650>
> >>>>>
> >>>>> The attach listener file, usually /tmp/.java_pid<pid> is created from
> >>>>> the hotspot JVM process. Usually it will belong to the process user
> >>>>> and group. However, when the directory where it is created has set
> the
> >>>>> s-bit for groups, the group of the directory is taken. This will cause
> >>>>> errors when the attach client tries to connect and it is checked
> >>>>> whether the group of the attach file matches the client processes'
> >> group.
> >>>>> In my webrev I only implemented the change for AIX because we
> have
> >> run
> >>>>> into an issue on that platform. But I can see this code already in
> >>>>> place for attachListener_bsd.cpp. And I’m wondering if this should
> >>>>> also be added to attachListener_linux.cpp because the sticky-bit could
> >>>>> be set with the same effects on Linux, too. Any opinions about that?
> >>>>>
> >>>>> Thanks and best regards
> >>>>>
> >>>>> Christoph
> >>>>>
>
More information about the ppc-aix-port-dev
mailing list