Hi Dmitry, I've seen that the bug has been closed as WONTFIX:
https://bugs.openjdk.java.net/browse/JDK-8036559 The reason given is not satisfying though, since it's "This is not on our list of current priorities". I understand that your priorities may be different, but OpenJDK is a community project and as such patches should not be discarded "just because", so unless there's a security consideration that has been evaluated (which then I don't understand why it cannot be shared in the mailing list, the patch is not in and we would learn something useful to prevent a potential problem), or a strong reasoning against having this patch in, I would like to know what we can do to work out the proposed patch so that it can be pushed. Cheers, Mario On Mon, Mar 21, 2016 at 4:00 PM, Elliott Baron <eba...@redhat.com> wrote: > Hi Dmitry, > > On 17/03/16 04:58 AM, Dmitry Samersoff wrote: >> >> Elliott, >> >> I'll take care of the CR. >> >> But as soon as the changes have security implication we should carefully >> evaluate possible side effects. So it takes some time. >> >> -Dmitry >> > > Thanks, let me know if there is anything I can do to help. > > Elliott > > >> >> On 2016-03-17 00:27, Elliott Baron wrote: >>> >>> Hi, >>> >>> I've been working on an updated patch for JDK-8036559, where root does >>> not have the ability to attach to unprivileged users' JVMs. I originally >>> mentioned this problem back in 2013, and proposed a patch only for Linux >>> [1]. The result was that the fix had to provide support for all affected >>> platforms, and to include tests. >>> >>> We worked around this issue in our project, but I revisited this bug >>> recently. I investigated the issue on Windows, which has a very >>> different implementation from the other platforms. I discovered that >>> this bug does not appear to affect Windows. Using the test programs >>> attached to Red Hat Bugzilla bug #1311638 [2], I verified the correct >>> behaviour using the following steps: >>>> >>>> (Open cmd.exe) >>>> runas /user:test cmd.exe >>>> runas /user:Administrator cmd.exe >>>> >>>> (In test's shell) >>>> set TMP=C:\Users\Public\java_temp >>>> cd C:\Users\Public\Documents >>>> javac AttachTarget.java >>>> java AttachTarget >>>> >>>> (In Administrator's shell) >>>> set TMP=C:\Users\Public\java_temp >>>> cd C:\Users\Public\Documents >>>> javac -cp .;C:\Progra~1\Java\jdk1.8.0_74\lib\tools.jar AttachClient.java >>>> java -cp .;C:\Progra~1\Java\jdk1.8.0_74\lib\tools.jar AttachClient >>>> (outputs 'Target ok: AttachTarget') >>> >>> My updated patches target JDK 9, and includes support for Linux, >>> Solaris, Mac OSX, and AIX. As far as tests are concerned, I'm not sure >>> how to add tests for this bug, since doing so would require the test to >>> be run as root. I am attaching the patches to this email, since I am not >>> an OpenJDK committer and do not have access to cr.openjdk.java.net. >>> >>> Thanks, >>> Elliott >>> >>> [1] >>> >>> http://mail.openjdk.java.net/pipermail/serviceability-dev/2013-June/010077.html >>> >>> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1311638 >> >> >