On Tue, 30 Jan 2024 10:47:22 GMT, Sebastian Lövdahl <d...@openjdk.org> wrote:

> 8307977: jcmd and jstack broken for target processes running with elevated 
> capabilities

This looks good to me, but I would like for somebody from the serviceability 
group to look at this as well. @plummercj perhaps?

> _Mailing list message from [Bernd Eckenfels](mailto:e...@zusammenkunft.net) 
> on [serviceability-dev](mailto:serviceability-...@mail.openjdk.org):_
> 
> Is that actually safe to allow a low-privileged user context to attach to and 
> control a higher-privileged one? It can at least overwrite files, but probably 
> also inject code? On the native level a ptrace(2) would probably not be 
> allowed.

Note that for the dynamic attach mechanism the file ownership of the files the 
JVM creates on both sides needs to match. In this case it's user `A` with 
potentially elevated privileges (e.g. to bind to a port), and the attach 
happens from user `A` as well (without the same elevated privileges). So this 
doesn't make the security worse. It remains questionable if it's safe to be 
allowed to attach in that case, but it's been like that in older releases (JDK 
8).

-------------

Marked as reviewed by sgehwolf (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/17628#pullrequestreview-1863246100
PR Comment: https://git.openjdk.org/jdk/pull/17628#issuecomment-1927383380
