On Wed, 22 Dec 2021 18:14:43 GMT, Kevin Walls <kev...@openjdk.org> wrote:
> Remove the use of Security Manager from jstatd. > Add use of an ObjectInputFilter to restrict RMI. > > Also we can undo the property-setting Launcher.gmk change from: 8279007: > jstatd fails to start because SecurityManager is disabled > ..as that is no longer needed. > > Docs/man page update to follow (JDK-8278619). Thanks for the comments - The proxy objects are needed in the filter for this to work at all. The proxy names/numbers and innner class names/numbers are predictable and stable IF we are using jstatd and jstat as standalone programs. But they are unstable if there is other relevant activity in the VM process, e.g. a JMX connection comes in before they are created. We should wildcard the proxy names to work in such a situation: com.sun.proxy.jdk.proxy* I'll mention also that jstatd has always been an experimental feature. The man page warns about lack of authentication and advises usage with caution. ------------- PR: https://git.openjdk.java.net/jdk/pull/6919
