RFR: 8272317: jstatd has dependency on Security Manager which needs to be removed

Roger Riggs rriggs at openjdk.java.net
Fri Jan 7 22:32:28 UTC 2022


On Wed, 22 Dec 2021 21:41:13 GMT, Mandy Chung <mchung at openjdk.org> wrote:

>> Remove the use of Security Manager from jstatd.
>> Add use of an ObjectInputFilter to restrict RMI.
>> 
>> Also we can undo the property-setting Launcher.gmk change from: 8279007: jstatd fails to start because SecurityManager is disabled
>> ..as that is no longer needed.
>> 
>> Docs/man page update to follow (JDK-8278619).
>
> src/jdk.jstatd/share/classes/sun/tools/jstatd/Jstatd.java line 51:
> 
>> 49:     private static RemoteHost remoteHost;
>> 50: 
>> 51:     private static final String rmiFilterPattern = "sun.jvmstat.monitor.remote.RemoteVm;com.sun.proxy.jdk.proxy1.$Proxy1;com.sun.proxy.jdk.proxy1.$Proxy2;java.lang.reflect.Proxy;java.rmi.server.RemoteObjectInvocationHandler;java.rmi.server.RemoteObject;!*";
> 
> The class name of the dynamic proxy is generated at runtime and can be different. As Bernd commented, the proxy classes cannot/should not be listed in the filter pattern.

@mlchung The Proxy class passed to the filter has been created in this VM from the interfaces listed.
The interfaces have already been filtered prior to creating the proxy.
The Proxy classes can safely be allowed based on a wildcard of the name. (As Stuart said).

-------------

PR: https://git.openjdk.java.net/jdk/pull/6919
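
The filter behaviour discussed in this message, as an added example that is not part of the original thread or of the JDK sources: a serialized dynamic proxy is read back under two `ObjectInputFilter` patterns, one listing the exact proxy names from the reviewed line 51 and one using a prefix wildcard on the generated name. `ProxyFilterDemo`, `Vm` and `Handler` are hypothetical stand-ins, and the wildcard prefix is derived at run time for this demo only; it is an assumption, not the pattern the PR adopted.

```java
import java.io.*;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;

public class ProxyFilterDemo {
    // Hypothetical stand-in for sun.jvmstat.monitor.remote.RemoteVm.
    public interface Vm { int id(); }

    // Hypothetical stand-in for java.rmi.server.RemoteObjectInvocationHandler.
    static final class Handler implements InvocationHandler, Serializable {
        public Object invoke(Object proxy, Method m, Object[] args) { return 0; }
    }

    // Deserialize under a pattern filter; false means the filter rejected a class.
    static boolean accepted(byte[] stream, String pattern) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(pattern));
            in.readObject();
            return true;
        } catch (InvalidClassException rejected) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Object proxy = Proxy.newProxyInstance(ProxyFilterDemo.class.getClassLoader(),
                new Class<?>[] { Vm.class }, new Handler());
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(proxy);
        }
        byte[] stream = buf.toByteArray();

        // Name generated by this VM ("<package>.$Proxy<N>"); package and N vary by JDK and run.
        String generated = proxy.getClass().getName();
        String prefix = generated.substring(0, generated.lastIndexOf("$Proxy") + "$Proxy".length());

        String common = Vm.class.getName() + ";" + Handler.class.getName() + ";java.lang.reflect.Proxy;";
        // Exact proxy names as in the reviewed line 51, then reject everything else.
        String exact = common + "com.sun.proxy.jdk.proxy1.$Proxy1;com.sun.proxy.jdk.proxy1.$Proxy2;!*";
        // Prefix wildcard on the generated name (constructed for this demo), then reject the rest.
        String wildcard = common + prefix + "*;!*";

        System.out.println("generated proxy class: " + generated);
        System.out.println("exact names accepted:  " + accepted(stream, exact));
        System.out.println("wildcard accepted:     " + accepted(stream, wildcard));
    }
}
```

Run with `java ProxyFilterDemo.java` on JDK 11 or later; patterns are matched left to right, so the trailing `!*` rejects any class no earlier entry allowed.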


