Hi Thomas, Please review a new version of the fix that includes the changes suggested.
Webrev: http://cr.openjdk.java.net/~dtitov/8197387/webrev.02/ Bug: https://bugs.openjdk.java.net/browse/JDK-8197387 Thank you, Daniil On 5/24/18, 10:51 PM, "Thomas Stüfe" <thomas.stu...@gmail.com> wrote: Hi Daniil, here is my review: - Like Roger I would prefer to have the uid checks factored out. At least for the hotspot coding, I do not know where to put it in jdk coding. For the hotspot parts, I would add something like: os::Posix::is_root(uid_t uid) ; os::Posix::matches_effective_uid_or_root(uid_t uid) // return isroot(uid) || uid == geteuid os::Posix::matches_effective_group_id(gid_t gid) // return gid == getegid to os_posix.hpp/os_posix.cpp Other than that, the changes make sense. Kind Regards, Thomas On Thu, May 24, 2018 at 3:11 AM, Daniil Titov <daniil.x.ti...@oracle.com> wrote: > Please review the changes that fix JDK-8197387. > > There are 2 problems here: > 1. JVM ignores .attach_pid<pid> file if it is owned by the user different from the one that owns this JVM process > 2. jcmd checks that .java_pid<pid> socket is owned by the same user that runs jcmd and reports an error otherwise > > The fix relaxes these checks to allow jcmd started by "root" (UID = 0) access JVMs started by another users. > > Bug: https://bugs.openjdk.java.net/browse/JDK-8197387 > Webrev: http://cr.openjdk.java.net/~dtitov/8197387/webrev.01/ > > Best regards, > Daniil > >
