JDK-8341482 : Attach API access to /proc filesystem should use doPrivileged
  • Type: Bug
  • Component: core-svc
  • Sub-Component: tools
  • Priority: P4
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2024-10-03
  • Updated: 2024-10-28
  • Resolved: 2024-10-28
Related Reports
Relates :  
JDK-8327114 - Attach in Linux may have wrong behaviour when pid == ns_pid (Kubernetes debug container)
Description
Updates in JDK-8327114 to the attach API ( 
src/jdk.attach/linux/classes/sun/tools/attach/VirtualMachineImpl.java ) access the /proc filesystem using readlink().

A policy file update enables the test to run, but this area should be using AccessController.doPrivileged(), in case this happens with a Security Manager, and there's untrusted code which then calls into attach (with whatever policy permits that to happen...).

While SM is planned for removal very soon, it would be good have the doPrivileged in the implementation so any backports can benefit.
Comments
superceded by JDK-8342449
28-10-2024
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/21312 Date: 2024-10-02 19:55:29 +0000
03-10-2024