RFR (S): 8202650: Enforce group for attach listener file

Langer, Christoph christoph.langer at sap.com
Sun May 6 19:15:13 UTC 2018


Hi Bernd,

I can’t assess that and with my change I don’t want to question the group check in general. Maybe some of the owners of that code can comment on that.

Best regards
Christoph

From: Bernd Eckenfels [mailto:ecki at zusammenkunft.net]
Sent: Friday, May 4, 2018 17:44
To: Langer, Christoph <christoph.langer at sap.com>; serviceability-dev at openjdk.java.net
Cc: ppc-aix-port-dev at openjdk.java.net
Subject: RE: RFR (S): 8202650: Enforce group for attach listener file

Hello,

From the description below it sounds like it would also be possible to remove the group check. Would this not be an option which more flexibly allows sgid to be used as intended? (Not that I can imagine anybody setting an sgid on /tmp?!) What is the purpose of validating the group ownership?

Regards
Bernd
--
http://bernd.eckenfels.net

From: Langer, Christoph <christoph.langer at sap.com>
Sent: Friday, May 4, 2018 17:00
To: serviceability-dev at openjdk.java.net
Cc: ppc-aix-port-dev at openjdk.java.net
Subject: RFR (S): 8202650: Enforce group for attach listener file

Hi,

please review a change for correctly setting the group for the attach listener file:

Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8202650.0/
Bug: https://bugs.openjdk.java.net/browse/JDK-8202650

The attach listener file, usually /tmp/.java_pid<pid>, is created by the HotSpot JVM process. Usually it will belong to the process user and group. However, when the directory where it is created has the s-bit set for groups, the group of the directory is taken. This will cause errors when the attach client tries to connect and it is checked whether the group of the attach file matches the client process's group.

In my webrev I only implemented the change for AIX because we have run into an issue on that platform. But I can see this code already in place for attachListener_bsd.cpp. And I’m wondering if this should also be added to attachListener_linux.cpp because the sticky-bit could be set with the same effects on Linux, too. Any opinions about that?

Thanks and best regards
Christoph
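
The group inheritance and the enforcement described in the original mail, as an added C example (not the webrev or HotSpot code). A regular file stands in for the attach listener file, and `owner_matches`, `create_with_own_group`, `demo_in_setgid_dir` and the scratch path are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, fchown */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Client-side check as the mail describes it: the file's owner and group
 * must equal the connecting process's effective ids. Returns 1 on match. */
int owner_matches(const struct stat *st, uid_t euid, gid_t egid) {
    return st->st_uid == euid && st->st_gid == egid;
}

/* Server side: create `path` (0600) and pin its group to our effective gid,
 * so a setgid parent directory cannot substitute its own group. 0 = success. */
int create_with_own_group(const char *path) {
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) return -1;
    if (fchown(fd, (uid_t)-1, getegid()) != 0) {  /* -1: leave owner as is */
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Create a file inside a setgid scratch directory and run the client check
 * on it. Returns 1 = check passes, 0 = check fails, -1 = setup error. */
int demo_in_setgid_dir(void) {
    char dir[] = "/tmp/attach_demo_XXXXXX", path[64];  /* constructed path */
    struct stat st;
    int ok = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/.java_pid_demo", dir);
    if (chmod(dir, 02700) == 0 && create_with_own_group(path) == 0 &&
        stat(path, &st) == 0)
        ok = owner_matches(&st, geteuid(), getegid());
    unlink(path); rmdir(dir);                 /* clean up */
    return ok;
}

int main(void) {
    /* Constructed stat: the group a file would inherit from a setgid dir. */
    struct stat bad = { .st_uid = geteuid(), .st_gid = getegid() + 1 };
    printf("inherited group: %d\n", owner_matches(&bad, geteuid(), getegid()));
    printf("enforced group:  %d\n", demo_in_setgid_dir());
    return 0;
}
```

In the scratch directory the group is normally already the caller's own, so the inherited-group case is shown with the constructed `stat` in `main`.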

