On 30/09/2016 09:39, Rafael Winterhalter wrote:
I agree that this should be considered carefully.
However, without a security manager, it is already possible to get
such an instance for most environments. And starting with Java 9, this
will extend to non JDK-VMs as the former tools.jar is now a module.
Assuming you mean the jdk.attach module then it's JDK-specific. It's not
linked into the runtime image that is the JRE for example.
In any case, this proposal is a significant concern as it is exposing
capabilities in the standard API that were intended for tool agents. The
implications are huge.
-Alan
