Elliott, I'll take care of the CR.
But as soon as the changes have security implication we should carefully evaluate possible side effects. So it takes some time. -Dmitry On 2016-03-17 00:27, Elliott Baron wrote: > Hi, > > I've been working on an updated patch for JDK-8036559, where root does > not have the ability to attach to unprivileged users' JVMs. I originally > mentioned this problem back in 2013, and proposed a patch only for Linux > [1]. The result was that the fix had to provide support for all affected > platforms, and to include tests. > > We worked around this issue in our project, but I revisited this bug > recently. I investigated the issue on Windows, which has a very > different implementation from the other platforms. I discovered that > this bug does not appear to affect Windows. Using the test programs > attached to Red Hat Bugzilla bug #1311638 [2], I verified the correct > behaviour using the following steps: >> (Open cmd.exe) >> runas /user:test cmd.exe >> runas /user:Administrator cmd.exe >> >> (In test's shell) >> set TMP=C:\Users\Public\java_temp >> cd C:\Users\Public\Documents >> javac AttachTarget.java >> java AttachTarget >> >> (In Administrator's shell) >> set TMP=C:\Users\Public\java_temp >> cd C:\Users\Public\Documents >> javac -cp .;C:\Progra~1\Java\jdk1.8.0_74\lib\tools.jar AttachClient.java >> java -cp .;C:\Progra~1\Java\jdk1.8.0_74\lib\tools.jar AttachClient >> (outputs 'Target ok: AttachTarget') > > My updated patches target JDK 9, and includes support for Linux, > Solaris, Mac OSX, and AIX. As far as tests are concerned, I'm not sure > how to add tests for this bug, since doing so would require the test to > be run as root. I am attaching the patches to this email, since I am not > an OpenJDK committer and do not have access to cr.openjdk.java.net. > > Thanks, > Elliott > > [1] > http://mail.openjdk.java.net/pipermail/serviceability-dev/2013-June/010077.html > > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1311638 -- Dmitry Samersoff Oracle Java development team, Saint Petersburg, Russia * I would love to change the world, but they won't give me the sources.
