RFR: 8229957: Harden pid verification in attach mechanism
serguei.spitsyn at oracle.com
serguei.spitsyn at oracle.com
Wed Aug 21 00:31:24 UTC 2019
Hi Leonid,
It looks good to me.
Thank you for discovering and fixing this issue!
The only concern I have is if the pid=-1 was used for something, so
added Alan to the list.
Thanks,
Serguei
On 8/20/19 4:32 PM, Leonid Mesnik wrote:
> Hi
>
> Could you review following fix which add sanity check of pid value in
> attach mechanism on *nix based platforms.
>
> PID for java process is always positive on affected OS. Hotspot
> internally uses signal (SIGQUIT) while attaching. So using negative
> numbers as pid might cause very unexpected results and should be
> prevented.
>
> webrev: http://cr.openjdk.java.net/~lmesnik/8229957/webrev.00/
>
> bug: https://bugs.openjdk.java.net/browse/JDK-8229957
>
> I checked that jcmd doesn't allow to connect to negative pids.
>
> Leonid
>
More information about the serviceability-dev
mailing list