RFR: 8307977: jcmd and jstack broken for target processes running with elevated capabilities
Severin Gehwolf
sgehwolf at openjdk.org
Mon Feb 5 16:33:04 UTC 2024
On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl <duke at openjdk.org> wrote:
> 8307977: jcmd and jstack broken for target processes running with elevated capabilities
This looks good to me, but would like for somebody from the serviceability group to look at this as well. @plummercj perhaps?
> _Mailing list message from [Bernd Eckenfels](mailto:ecki at zusammenkunft.net) on [serviceability-dev](mailto:serviceability-dev at mail.openjdk.org):_
>
> Is that actually safe to allow low priveledged user context to attach and control to a higher prived? It can at least overwrite files, but probably also inject code? On the native level a ptrace(2) would probably not be allowed.
Note that for the dynamic attach mechanism the file ownership of the files the JVM creates on both sides need to match. In this case it's user `A` with potentially elevated privileges (e.g. to bind to a port), and the attach happens from user `A` as well (without the same elevated privileges). So this doesn't make the security worse. It remains questionable if it's safe to be allowed to attach in that case, but it's been like that in older releases (JDK 8).
-------------
Marked as reviewed by sgehwolf (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/17628#pullrequestreview-1863246100
PR Comment: https://git.openjdk.org/jdk/pull/17628#issuecomment-1927383380
More information about the serviceability-dev
mailing list