RFR: 8307977: jcmd and jstack broken for target processes running with elevated capabilities
Sebastian Lövdahl
duke at openjdk.org
Wed Jan 31 08:30:01 UTC 2024
On Tue, 30 Jan 2024 17:00:16 GMT, Bernd Eckenfels <ecki at zusammenkunft.net> wrote:
> Is that actually safe to allow a low privileged user context to attach to and control a higher privileged one? It can at least overwrite files, but probably also inject code? On the native level a ptrace(2) would probably not be allowed.
It's a good question. For context, this has worked fine in JDK 8, and AFAIK it was never intentionally broken for security reasons.
In some cases the opposite can also be true - that one needs root access to attach to a process is not acceptable or even possible.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/17628#issuecomment-1918616533