Hi Dmitry,

I've seen that the bug has been closed as WONTFIX:

https://bugs.openjdk.java.net/browse/JDK-8036559

The reason given is not satisfying though, since it's "This is not on
our list of current priorities".

I understand that your priorities may be different, but OpenJDK is a
community project and as such patches should not be discarded "just
because", so unless there's a security consideration that has been
evaluated (which then I don't understand why it cannot be shared in
the mailing list, the patch is not in and we would learn something
useful to prevent a potential problem), or a strong reasoning against
having this patch in, I would like to know what we can do to work out
the proposed patch so that it can be pushed.

Cheers,
Mario


On Mon, Mar 21, 2016 at 4:00 PM, Elliott Baron <eba...@redhat.com> wrote:
> Hi Dmitry,
>
> On 17/03/16 04:58 AM, Dmitry Samersoff wrote:
>>
>> Elliott,
>>
>> I'll take care of the CR.
>>
>> But as soon as the changes have security implications we should carefully
>> evaluate possible side effects. So it takes some time.
>>
>> -Dmitry
>>
>
> Thanks, let me know if there is anything I can do to help.
>
> Elliott
>
>
>>
>> On 2016-03-17 00:27, Elliott Baron wrote:
>>>
>>> Hi,
>>>
>>> I've been working on an updated patch for JDK-8036559, where root does
>>> not have the ability to attach to unprivileged users' JVMs. I originally
>>> mentioned this problem back in 2013, and proposed a patch only for Linux
>>> [1]. The result was that the fix had to provide support for all affected
>>> platforms, and to include tests.
>>>
>>> We worked around this issue in our project, but I revisited this bug
>>> recently. I investigated the issue on Windows, which has a very
>>> different implementation from the other platforms. I discovered that
>>> this bug does not appear to affect Windows. Using the test programs
>>> attached to Red Hat Bugzilla bug #1311638 [2], I verified the correct
>>> behaviour using the following steps:
>>>>
>>>> (Open cmd.exe)
>>>> runas /user:test cmd.exe
>>>> runas /user:Administrator cmd.exe
>>>>
>>>> (In test's shell)
>>>> set TMP=C:\Users\Public\java_temp
>>>> cd C:\Users\Public\Documents
>>>> javac AttachTarget.java
>>>> java AttachTarget
>>>>
>>>> (In Administrator's shell)
>>>> set TMP=C:\Users\Public\java_temp
>>>> cd C:\Users\Public\Documents
>>>> javac -cp .;C:\Progra~1\Java\jdk1.8.0_74\lib\tools.jar AttachClient.java
>>>> java -cp .;C:\Progra~1\Java\jdk1.8.0_74\lib\tools.jar AttachClient
>>>> (outputs 'Target ok: AttachTarget')
>>>
>>> My updated patches target JDK 9, and include support for Linux,
>>> Solaris, Mac OSX, and AIX. As far as tests are concerned, I'm not sure
>>> how to add tests for this bug, since doing so would require the test to
>>> be run as root. I am attaching the patches to this email, since I am not
>>> an OpenJDK committer and do not have access to cr.openjdk.java.net.
>>>
>>> Thanks,
>>> Elliott
>>>
>>> [1]
>>>
>>> http://mail.openjdk.java.net/pipermail/serviceability-dev/2013-June/010077.html
>>>
>>> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1311638
>>
>>
>
