Thanks, Chris. I'll push it then. -Christoph
> -----Original Message----- > From: Chris Plummer [mailto:chris.plum...@oracle.com] > Sent: Dienstag, 8. Mai 2018 22:46 > To: Langer, Christoph <christoph.lan...@sap.com>; serviceability- > d...@openjdk.java.net > Cc: ppc-aix-port-...@openjdk.java.net; Martin Buchholz > <marti...@google.com>; Thomas Stüfe <thomas.stu...@gmail.com> > Subject: Re: RFR (S): 8202650: Enforce group for attach listener file > > Hi Christoph, > > It passed all my testing. > > thanks, > > Chris > > On 5/8/18 5:25 AM, Langer, Christoph wrote: > > Hi Chris, > > > > thanks for reviewing and offering to test, I appreciate that. As Thomas has > reviewed it as well, could you please conduct your testing? I ran it through > our local testing and jdk-submit, no regressions observed. > > > > Thanks & Best regards > > Christoph > > > >> -----Original Message----- > >> From: Chris Plummer [mailto:chris.plum...@oracle.com] > >> Sent: Montag, 7. Mai 2018 20:30 > >> To: Langer, Christoph <christoph.lan...@sap.com>; serviceability- > >> d...@openjdk.java.net > >> Cc: ppc-aix-port-...@openjdk.java.net; Martin Buchholz > >> <marti...@google.com> > >> Subject: Re: RFR (S): 8202650: Enforce group for attach listener file > >> > >> Hi Christoph, > >> > >> The changes look fine. There are some closed aod tests that should be > >> run. I can do this for you once the review is done. > >> > >> thank,s > >> > >> Chris > >> > >> On 5/6/18 12:23 PM, Langer, Christoph wrote: > >>> Hi, > >>> > >>> with that information and Martins links to the specs, I suggest to add the > >> patch to linux as well. I played with the sgid functionality on Linux and > >> it is > the > >> same as on AIX. So, if somebody configured the directory where the > attach > >> listener file is created with sgid, the file will belong to the wrong > >> group. > >>> See my new webrev: > >> http://cr.openjdk.java.net/~clanger/webrevs/8202650.1/ > >>> Thanks > >>> Christoph > >>> > >>>> -----Original Message----- > >>>> From: Chris Plummer [mailto:chris.plum...@oracle.com] > >>>> Sent: Freitag, 4. Mai 2018 23:34 > >>>> To: Langer, Christoph <christoph.lan...@sap.com>; serviceability- > >>>> d...@openjdk.java.net > >>>> Cc: ppc-aix-port-...@openjdk.java.net > >>>> Subject: Re: RFR (S): 8202650: Enforce group for attach listener file > >>>> > >>>> Hi Christoph, > >>>> > >>>> It looks like for bsd this code was added to fix JDK-7152800. In that CR > >>>> I see the following: > >>>> > >>>> "The attach framework will verify that the file has the same effective > >>>> owner and group as the currently running process. This will be true on > >>>> linux, since files are created with the effective user and group as > >>>> owner. This will NOT be true always on macos, since the file can have a > >>>> different group if the temporary directory has a different group than > >>>> what we are currently running as." > >>>> > >>>> So it looks like the fix is not necessary for Linux. It wouldn't hurt to > >>>> experiment by setting the s-bit on the directory and see if you have the > >>>> same problem as macos and AIX. > >>>> > >>>> thanks, > >>>> > >>>> Chris > >>>> > >>>> On 5/4/18 7:29 AM, Langer, Christoph wrote: > >>>>> Hi, > >>>>> > >>>>> please review a change for correctly setting the group for the attach > >>>>> listener file: > >>>>> > >>>>> Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8202650.0/ > >>>>> <http://cr.openjdk.java.net/%7Eclanger/webrevs/8202650.0/> > >>>>> > >>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8202650 > >>>>> <https://bugs.openjdk.java.net/browse/JDK-8202650> > >>>>> > >>>>> The attach listener file, usually /tmp/.java_pid<pid> is created from > >>>>> the hotspot JVM process. Usually it will belong to the process user > >>>>> and group. However, when the directory where it is created has set > the > >>>>> s-bit for groups, the group of the directory is taken. This will cause > >>>>> errors when the attach client tries to connect and it is checked > >>>>> whether the group of the attach file matches the client processes' > >> group. > >>>>> In my webrev I only implemented the change for AIX because we > have > >> run > >>>>> into an issue on that platform. But I can see this code already in > >>>>> place for attachListener_bsd.cpp. And I’m wondering if this should > >>>>> also be added to attachListener_linux.cpp because the sticky-bit could > >>>>> be set with the same effects on Linux, too. Any opinions about that? > >>>>> > >>>>> Thanks and best regards > >>>>> > >>>>> Christoph > >>>>> >
