RFR 8197387: jcmd started by "root" must be allowed to access all VM processes
David Holmes
david.holmes at oracle.com
Thu May 24 02:53:41 UTC 2018
Hi Daniil,
I'm not sure I can accept on face-value the proposition that root "must
be allowed to access all VM processes". I can see it may be convenient
in some cases. But is it really necessary? Is it always desirable? I'd
like to know what a sys admin might think of this. :)
Further root can always "su" to another user and run jcmd that way.
Cheers,
David
On 24/05/2018 11:11 AM, Daniil Titov wrote:
> Please review the changes that fix JDK-8197387.
>
> There are 2 problems here:
> 1. JVM ignores .attach_pid<pid> file if it is owned by the user different from the one that owns this JVM process
> 2. jcmd checks that .java_pid<pid> socket is owned by the same user that runs jcmd and reports an error otherwise
>
> The fix relaxes these checks to allow jcmd started by "root" (UID = 0) access JVMs started by another users.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8197387
> Webrev: http://cr.openjdk.java.net/~dtitov/8197387/webrev.01/
>
> Best regards,
> Daniil
>
>
More information about the serviceability-dev
mailing list