URGENT: RE: RFR(XS): 8057564: JVM hangs at getAgentProperties after attaching to VM with lower IntegrityLevel

Markus Grönlund markus.gronlund at oracle.com
Fri Sep 19 12:41:28 UTC 2014


Hi Serguey,

This is not exactly what I had in mind. We have improved the security of the DACL from NULL (allow everyone everything) to something explicit, but I was hoping we could just update the 


    jstring_to_cstring(env, pipename, name, MAX_PIPE_NAME_LENGTH);

    hPipe = CreateNamedPipe(
          name,                         // pipe name
          PIPE_ACCESS_INBOUND,          // read access
          PIPE_TYPE_BYTE |              // byte mode
            PIPE_READMODE_BYTE |
            PIPE_WAIT,                  // blocking mode
          1,                            // max. instances
          128,                          // output buffer size
          8192,                         // input buffer size
          NMPWAIT_USE_DEFAULT_WAIT,     // client time-out
          NULL);                        // default security attribute

-----Original Message-----
From: Sergey Gabdurakhmanov 
Sent: den 19 september 2014 14:34
To: Mattis Castegren; serviceability-dev at openjdk.java.net; Markus Grönlund; Staffan Larsen; Christian Törnqvist; Markus Grönlund; Alexey Utkin; Dmitry Samersoff
Subject: Re: URGENT: RE: RFR(XS): 8057564: JVM hangs at getAgentProperties after attaching to VM with lower IntegrityLevel

Hi,

New version of the fix for review:
http://cr.openjdk.java.net/~sgabdura/8057564/webrev.02/

Now I add security descriptor with read/write permissions to everybody and full control to system and administrators.

BR,
Sergey

On 17.09.2014 18:03, Mattis Castegren wrote:
> Also adding Christian, who is both a reviewer AND knows windows.
>
> This is a very critical customer bug, and we have a hard deadline of next week.
>
> Kind Regards
> /Mattis
>
> -----Original Message-----
> From: Mattis Castegren
> Sent: den 17 september 2014 07:08
> To: Sergey Gabdurakhmanov; serviceability-dev at openjdk.java.net; Markus 
> Grönlund; Staffan Larsen
> Cc: Mattis Castegren
> Subject: RE: RFR(XS): 8057564: JVM hangs at getAgentProperties after 
> attaching to VM with lower IntegrityLevel
>
> Hi
>
> This is urgent for a customer case, so we would need the second review. Dmitry was ok with the fix. Sergey, you also got some additional review from someone who was not an official reviewer, right? Could you paste those comments?
>
> If no one on this alias feels comfortable with reviewing this fix, any ideas on someone else who can do it and who has reviewer status? Maybe someone from another team with a lot of Windows experience?
>
> Kind Regards
> /Mattis
>
> -----Original Message-----
> From: Sergey Gabdurakhmanov
> Sent: den 16 september 2014 12:56
> To: serviceability-dev at openjdk.java.net
> Subject: Re: RFR(XS): 8057564: JVM hangs at getAgentProperties after 
> attaching to VM with lower IntegrityLevel
>
> Hi,
>
> I need a second approval for the fix integration.
> Can somebody else review the patch?
>
> BR,
> Sergey
>
> On 12.09.2014 17:34, Dmitry Samersoff wrote:
>> Sergey,
>>
>> Looks good for me.
>>
>> -Dmitry
>>
>>
>> On 2014-09-12 12:46, Sergey Gabdurakhmanov wrote:
>>> Dmitry,
>>>
>>> New patch:
>>> http://cr.openjdk.java.net/~sgabdura/8057564/webrev.01/
>>>
>>>
>>> My answers:
>>>
>>> 1. You should not free lpSecurityDescriptor if it's null (ll.291)
>>>
>>> I checked MSDN
>>> http://msdn.microsoft.com/en-us/library/windows/desktop/aa366730%28v=vs.85%29.aspx
>>> "If the /hMem/ parameter is *NULL*, *LocalFree* ignores the parameter
>>> and returns *NULL*."
>>>
>>> 2. It's better to re-arrange code a bit:
>>>
>>> if InitializeSecurityDescriptor or SetSecurityDescriptorDacl fails, 
>>> free lpSecurityDescriptor immediately and continue with 
>>> lpSecurityDescriptor == NULL
>>>
>>> Done.
>>>
>>>
>>> 3. Make sure it works on all supported platforms: this code raises the
>>> minimal server version to Windows 2003 Server.
>>>
>>> In Windows 2003 server my fix will create a new security attributes.
>>> If SetSecurityDescriptorDacl or InitializeSecurityDescriptor will 
>>> return false on Windows XP then my patch will pass NULL to 
>>> CreateNamedPipe and the code will use default security descriptor.
>>>
>>>
>>> BR,
>>> Sergey
>>>
>>> On 11.09.2014 16:16, Dmitry Samersoff wrote:
>>>> Sergey,
>>>>
>>>> 1. You should not free lpSecurityDescriptor if it's null (ll.291)
>>>>
>>>> 2. It's better to re-arrange code a bit:
>>>>
>>>> if InitializeSecurityDescriptor or SetSecurityDescriptorDacl fails, 
>>>> free lpSecurityDescriptor immediately and continue with 
>>>> lpSecurityDescriptor == NULL
>>>>
>>>>
>>>> 3. Make sure it works on all supported platforms: this code raises the
>>>> minimal server version to Windows 2003 Server.
>>>>
>>>> -Dmitry
>>>>
>>>>
>>>>
>>>> On 2014-09-11 15:49, Sergey Gabdurakhmanov wrote:
>>>>> Hi,
>>>>>
>>>>> Could I please have a review of this small fix.
>>>>>
>>>>> webrev: http://cr.openjdk.java.net/~sgabdura/8057564/webrev.00/
>>>>> bug: https://jbs.oracle.com/bugs/browse/JDK-8057564
>>>>>
>>>>> Problem description:
>>>>> On Windows 7 with User Account Control (UAC) enabled, JVM hangs at 
>>>>> getAgentProperties or getSystemProperties after attaching from a "high"
>>>>> IntegrityLevel JVM to a "medium" IntegrityLevel JVM, using Attach API:
>>>>> attachedVM = com.sun.tools.attach.VirtualMachine.attach(pid);
>>>>> final Properties systemProperties = 
>>>>> attachedVM.getSystemProperties();
>>>>>
>>>>> Root cause:
>>>>> In WindowsVirtualMachine.attach is implemented with named pipes.
>>>>> If named pipe was created with default security properties then 
>>>>> windows will not allow process with "medium" IntegrityLevel to be 
>>>>> attached to a process with "high" IntegrityLevel.
>>>>>
>>>>> Solution:
>>>>> Create security properties that allow requested connection.
>>>>>
>>>>> I'm going to push this fix into JDK9, 8 and 7.
>>>>>     BR,
>>>>> Sergey
>>>>>
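
The thread contrasts a NULL DACL ("allow everyone everything") with an explicit one (read/write for everybody, full control for system and administrators). The following Python example is added here and is not part of the thread or the webrev; it parses both choices as SDDL strings and reports which grants go beyond read/write for broad trustees. The two SDDL strings are constructed renderings of those descriptions, and the names `parse_dacl` and `audit` are hypothetical.

```python
import re

# Constructed SDDL strings for the two pipe DACLs discussed in the thread.
NULL_DACL = "D:NO_ACCESS_CONTROL"                      # "allow everyone everything"
EXPLICIT = "D:(A;;GRGW;;;WD)(A;;GA;;;SY)(A;;GA;;;BA)"  # assumed form of webrev.02

BROAD = {"WD": "Everyone", "AN": "Anonymous"}  # broad trustee aliases
RISKY = {"GA": "GENERIC_ALL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER"}


def parse_dacl(sddl):
    """Return (flags, aces) parsed from the D: section of an SDDL string."""
    m = re.search(r"D:([A-Z_]*)((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("no D: section in %r" % sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        # Rights are two-letter tokens (GR, GW, ...) or a single hex mask.
        rights = [fields[2]] if fields[2].startswith("0x") else re.findall("..", fields[2])
        aces.append({"type": fields[0], "rights": rights, "trustee": fields[5]})
    return m.group(1), aces


def audit(sddl):
    """Return findings about what a pipe DACL grants to broad trustees."""
    flags, aces = parse_dacl(sddl)
    if "NO_ACCESS_CONTROL" in flags:
        return ["NULL DACL: every caller gets full access"]
    if not aces:
        return ["empty DACL: no ACE grants access"]
    findings = []
    for ace in aces:
        if ace["type"] != "A" or ace["trustee"] not in BROAD:
            continue  # only allow-ACEs for broad trustees are of interest
        who = BROAD[ace["trustee"]]
        for right in ace["rights"]:
            if right in RISKY:
                findings.append("%s granted %s" % (who, RISKY[right]))
            elif right.startswith("0x"):
                findings.append("%s granted raw mask %s" % (who, right))
    return findings


if __name__ == "__main__":
    for name, sddl in (("NULL DACL", NULL_DACL), ("explicit DACL", EXPLICIT)):
        print(name, "->", audit(sddl) or "nothing beyond read/write for broad trustees")
```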


