Hello,

from the description below it sounds like it would also be possible to remove the 
group check. Would this not be an option which more flexibly allows sgid to be 
used as intended? (Not that I can imagine anybody setting a sgid on /tmp?!) 
What is the purpose of validating the group ownership?

Regards
Bernd
-- 
http://bernd.eckenfels.net

From: Langer, Christoph
Sent: Friday, 4 May 2018 17:00
To: serviceability-dev@openjdk.java.net
Cc: ppc-aix-port-...@openjdk.java.net
Subject: RFR (S): 8202650: Enforce group for attach listener file

Hi,

please review a change for correctly setting the group for the attach listener 
file:

Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8202650.0/ 
Bug: https://bugs.openjdk.java.net/browse/JDK-8202650 

The attach listener file, usually /tmp/.java_pid<pid>, is created from the 
hotspot JVM process. Usually it will belong to the process user and group. 
However, when the directory where it is created has set the s-bit for groups, 
the group of the directory is taken. This will cause errors when the attach 
client tries to connect and it is checked whether the group of the attach file 
matches the client process's group.

In my webrev I only implemented the change for AIX because we have run into an 
issue on that platform. But I can see this code already in place for 
attachListener_bsd.cpp. And I’m wondering if this should also be added to 
attachListener_linux.cpp because the sticky-bit could be set with the same 
effects on Linux, too. Any opinions about that?

Thanks and best regards
Christoph
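
The effect described in the original message, as an added example that is not part of the thread or of the HotSpot sources: a file created in a setgid directory takes the directory's group, a check against the effective ids then fails, and an explicit chown() restores the match. The function names, the /tmp/sgid_demo_ directory and the .java_pid_demo file name are constructed for illustration; the demo assumes a writable /tmp and only produces a mismatch when the process is root or has a supplementary group.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Ownership check: 1 if the file's uid/gid equal our effective ids, 0 if not, -1 on error. */
static int ids_match(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return st.st_uid == geteuid() && st.st_gid == getegid();
}

/* Creator-side enforcement: set owner and group explicitly after creating the file. */
static int enforce_ids(const char *path) {
    return chown(path, geteuid(), getegid());
}

/* A gid other than our effective gid that we may give to a directory, or (gid_t)-1. */
static gid_t other_gid(void) {
    gid_t g[256];
    int n = getgroups(256, g);
    for (int i = 0; i < n; i++)
        if (g[i] != getegid()) return g[i];
    return geteuid() == 0 ? getegid() + 1 : (gid_t)-1;
}

/* Returns 1 if a group mismatch was seen and repaired, 0 if none arose, -1 on error. */
int demo(void) {
    char dir[] = "/tmp/sgid_demo_XXXXXX", file[64];   /* constructed names */
    if (!mkdtemp(dir)) return -1;
    gid_t og = other_gid();
    /* Give the directory a foreign group plus the setgid bit, where permitted. */
    if (og != (gid_t)-1 && chown(dir, (uid_t)-1, og) == 0) chmod(dir, 0700 | S_ISGID);
    snprintf(file, sizeof file, "%s/.java_pid_demo", dir);
    int fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    int before = ids_match(file);   /* 0 when the directory's group was inherited */
    int rc = enforce_ids(file);
    int after = ids_match(file);    /* must be 1 once ids are enforced */
    unlink(file); rmdir(dir);
    if (rc != 0 || after != 1) return -1;
    return before == 0 ? 1 : 0;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```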

