New candidate JEP: 451: Prepare to Disallow the Dynamic Loading of Agents

[Brice Dutheil]

Hi,

I do share some concerns of the community, however many have voiced it with
a better english that I could ever do. But I'd like to mention two things:

1. There is another usage that I think will be visibly impacted : in tests
it's often necessary to alter part of the system to stress some parts. In
doing so some libraries offer these capabilities, often by relying on an ad
hoc agent ; I hope this falls in the useful application of this mechanism.
I understand the goal is mostly about applications running in production,
yet it's likely the effect will be visible well before code reaches
production.

2. I was wondering however about the relation of this JEP with the
following property :

```
-Djdk.attach.allowAttachSelf=true
```

This affects the attachment not agent loading, however I believe this JEP
should at least mention this property as well as it seems directly tied to
one of the mentioned problems about detecting who loads the agent.

Best regards
-- Brice


On Wed, May 10, 2023 at 1:08 PM Volker Simonis <volker.simonis at gmail.com>
wrote:

> On Mon, May 8, 2023 at 9:17 PM Mark Reinhold <mark.reinhold at oracle.com>
> wrote:
> >
> > https://openjdk.org/jeps/451
> >
> >   Summary: Issue warnings when agents are loaded dynamically into a
> >   running JVM. These warnings aim to prepare users for a future release
> >   which disallows the dynamic loading of agents by default in order to
> >   improve integrity by default. Serviceability tools that load agents at
> >   startup will not cause warnings to be issued in any release.
> >
> > - Mark
>
> First of all, thanks for adopting the "warning first" approach before
> disabling dynamic agent loading by default. I think that's reasonable
> and useful.
>
> I still wonder why this JEP has scope "SE"? During the discussion
> about the draft (which was initially about "disallowing by default")
> it was mentioned that once dynamic loading will be disabled by
> default, this will be mandated in the platform spec (e.g. in the
> package documentation of the java.lang.instrument package [1]). But
> now that the JEP was softened to a warning, do you still plan to
> mandate the warning in the SE platform spec as well?
>
> In general, I think the current specification (e.g. in [1]) is good
> and gives vendors the freedom to choose the approach which is most
> appropriate for their users (e.g. they could already now disable
> dynamic agent loading by default):
>
> "An implementation may provide a mechanism to start agents sometime
> after the VM has started. The details as to how this is initiated are
> implementation specific".
>
> Explicitly forbidding dynamic agent loading without a command line
> option in the specification seems over-regulative to me.
>
> Finally, I think it feels a little unfortunate that a JEP candidate
> already contains and mentions the JDK release where it will be
> implemented. This could create the impression that the JEP has been
> targeted long before it was publicly discussed and proposed.
>
> Thank you and best regards,
> Volker
>
> [1]
> https://docs.oracle.com/en/java/javase/20/docs/api/java.instrument/java/lang/instrument/package-summary.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/serviceability-dev/attachments/20230516/93ff5c73/attachment.htm>