Volker, I think we should check the length of passed filename and throw an exception if filename is too long.
Otherwise we can end up opening wrong file with possibly not expected permissions. -Dmitry On 2014-03-27 22:08, Volker Simonis wrote: > Hi, > > a security audit for the PPC64/AIX port revealed an unsecure useage of > 'strcpy' in Java_sun_tools_attach_AixVirtualMachine_connect(). Because > the same coding is also used in the Linux and BSD implementations, the > following change fixes them all together: > > http://cr.openjdk.java.net/~simonis/webrevs/8038233/ > https://bugs.openjdk.java.net/browse/JDK-8038233 > > Compiled and tested (with the com/sun/jdi, com/sun/tools/attach, > com/sun/management and sun/management JTreg tests) on Linux, MacOS X > and AIX. > > Please notice that this fix is also intended for backporting tu 8u. > > Thank you and best regards, > Volker > -- Dmitry Samersoff Oracle Java development team, Saint Petersburg, Russia * I would love to change the world, but they won't give me the sources.