PRE-RFR: 8177154: Default configuration should disallow loading agents
Alan Bateman
Alan.Bateman at oracle.com
Fri Mar 24 12:25:32 UTC 2017
On 24/03/2017 12:09, Andrew Dinn wrote:
> :
> I am unclear as to why you say there was never an intention to 'use the
> attach API from regular applications or libraries'. Perhaps this was
> just a bad design decision in the way VirtualMachine.attach or the
> native code which underpins it was crafted. It's fairly clear that
> having implemented this API in Java it would be open for use to load
> into the current VM as well as into a foreign VM and it's hard top see
> how the Genie is not out of the bottle by that point. You could, for
> example, try to plug the gap by refusing to load an agent when the
> target JVM is the requesting JVM. Of course, you could still then suffer
> from cyclical loads via one or more intermediate JVMs so I don't think
> that tactic constitutes a full remedy.
>
It was designed as an API for tools, that is why it was in tools.jar and
not the runtime/JRE. Tools or applications with tools.jar on the class
path could use it to load agents into the current running VM, that has
always been possible. It's futile (as I said) to try to prevent this on
the API side, it can only be disabled on the VM side.
-Alan.
More information about the serviceability-dev
mailing list