On 03/04/2017 17:28, Reto Merz wrote:
It was already suggested in another thread by Gregg Wonderly:
Why not introduce a new method
java.lang.SecurityManager#checkAttachAgent(x)?
So the implementation can accept/reject an "attach agent request"
dynamically at runtime.
x could be some additional infos provided by the agent (eg: certificate).
The issue here is nothing to do with the security manager, assume no
security manager in the picture.
Also, FWIW, VirtualMachine.attach has always specified a security
manager for the (probably rare) cases where a tool is run with a
security manager.
-Alan
