Disallowing the dynamic loading of agents by default

[Kirk Pepperdine]

I need to retrace this thread to gain more context but my initial thoughts were to all of the tools and techniques that I use and how vulnerable they are to this change vs. what the motivation is for this change. My initial assessment is that this  is going to heavily impact visibility and wipe out the use of so many tools making is so much more difficult than it already is. Especially is you prescribe to a top-down methodical targeted approach to trouble-shooting rather than a shotgun gather everything you can methodology. The former often requires re-instrumentation on the fly. Shutting down to restart when some problems may take a couple of weeks to show really isn’t a great option. I guess you could just turn things back on but then I’d likely recommend that as an across the board setting. Again, I need to dig about to get more context.

Kind regards,
Kirk

> On Mar 19, 2023, at 2:27 AM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> 
> On 19/03/2023 02:51, Yasumasa Suenaga wrote:
>> :
>> 
>> Can we change flag type of EnableDynamicAgentLoading to `manageable` from `product`? If so, we can use JVMTI agent without rebooting system when we encountered some troubles in production system.
> 
> If manageable then it could be enabled at run-time with HotSpotDiagnosticMXBean.setVMOption (or jcmd VM.set_flag), so I think wouldn't change anything. The main issue with JVMTI agents loaded into a running VM is that they can do anything. Even if their capabilities were reduced (and many debugging capabilities are only available in the onload phase) it can still use JNI and bypass access control. So I think a difficult security vs. serviceability trade-off here.
> 
> -Alan.