JDK-8226940 : Adjust permission for delayed starting of debugging
  • Type: CSR
  • Component: core-svc
  • Sub-Component: debugger
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 13
  • Submitted: 2019-06-28
  • Updated: 2019-07-01
  • Resolved: 2019-07-01
Related Reports
CSR :  
JDK-8224673 - Adjust permission for delayed starting of debugging
Description
Summary
-------

The required permission for DCmd VM.start_java_debugging will be changed from monitor to control.

Problem
-------

The DCmd VM.start_java_debugging provides the ability to enable to connect to the VM with a debbugger. As the task of debugging provides the debugger with more than only monitoring capablilities, e.g. fields and data in the VM can be modified, a permission of type "control" seems more suitable.

Solution
--------

The permission needs to be changed in the coding for diagnostic commands in hotspot.

Specification
-------------

The (simple) patch looks like this:  

diff --git a/src/hotspot/share/services/diagnosticCommand.hpp
 b/src/hotspot/share/services/diagnosticCommand.hpp  
--- a/src/hotspot/share/services/diagnosticCommand.hpp  
+++ b/src/hotspot/share/services/diagnosticCommand.hpp  
@@ -880,7 +880,7 @@  
     return "High: Switches the VM into Java debug mode.";  
   }  
   static const JavaPermission permission() {  
-    JavaPermission p = { "java.lang.management.ManagementPermission", "monitor", NULL };  
+    JavaPermission p = { "java.lang.management.ManagementPermission", "control", NULL };  
     return p;  
   }  
   static int num_arguments() { return 0; }
Comments
I will defer to the svc team's judgement on whether or not the behavioral compatibility risk of this change is acceptable or not. For getting this fix in the JDK 13 per the fixVersion setting, I trust all relevant post-rampdown procedures will be used. Moving to Approved.
01-07-2019
Thanks Serguei. Moved to Finalized.
28-06-2019
This CSR looks good. Added myself as a reviewer.
28-06-2019