Hi Daniil, David,

I think this fix makes a lot of sense.

First off, contacting a VM with foreign jcmd should not cause the VM to sputter out thread dumps, nor should jcmd hang and time out after 10 seconds (which it does). So I'd consider that a bug in any case. If the desired behavior is really that root shall not see and/or be able to contact VMs started from a different UID, then this should be handled gracefully and fast.

However, I think we want jcmd started by root to see all processes and be able to contact all processes. It is not a security issue, we agree, yes? Since we are root anyway and can su to be everyone, it would be security-by-inconvenience :)

So the only reason one would want to prevent root from seeing other users' processes is because one wants to see only root's processes. Like in a scenario where tons of processes run on a machine, only some of them root. But in my experience, this is not a common scenario. It is way more common (and expected behavior) to want to see everything as root.

We have a very similar tool in our port (which may slowly phase out in favour of jcmd), and that tool behaves just like that: when root, you see everything and can contact everyone. Our support people need that too.

Just my 5 cent.

Thanks, Thomas

On Thu, May 24, 2018 at 4:53 AM, David Holmes <david.hol...@oracle.com> wrote:
> Hi Daniil,
>
> I'm not sure I can accept on face-value the proposition that root "must be
> allowed to access all VM processes". I can see it may be convenient in some
> cases. But is it really necessary? Is it always desirable? I'd like to know
> what a sys admin might think of this. :)
>
> Further root can always "su" to another user and run jcmd that way.
>
> Cheers,
> David
>
>
> On 24/05/2018 11:11 AM, Daniil Titov wrote:
>>
>> Please review the changes that fix JDK-8197387.
>>
>> There are 2 problems here:
>> 1. JVM ignores .attach_pid<pid> file if it is owned by a user different
>> from the one that owns this JVM process
>> 2. jcmd checks that .java_pid<pid> socket is owned by the same user that
>> runs jcmd and reports an error otherwise
>>
>> The fix relaxes these checks to allow jcmd started by "root" (UID = 0)
>> to access JVMs started by other users.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8197387
>> Webrev: http://cr.openjdk.java.net/~dtitov/8197387/webrev.01/
>>
>> Best regards,
>> Daniil
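
The two ownership checks from the quoted review request, with and without the root exception, as an added example that is not code from the JDK or from the webrev. The helper names, the `allow_root` switch and the UIDs are hypothetical, and the direction of each check (target looks at the trigger file's owner, client looks at the socket's owner) is an assumption drawn from the two numbered problems.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for lstat() */
#endif
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

#define ROOT_UID ((uid_t)0)

/* Target side (hypothetical helper): honour a trigger file owned by
 * file_owner when running as target_euid? Same user always passes;
 * a root-owned file passes only when allow_root is set. */
bool target_accepts(uid_t file_owner, uid_t target_euid, bool allow_root)
{
    return file_owner == target_euid || (allow_root && file_owner == ROOT_UID);
}

/* Client side (hypothetical helper): use a socket owned by socket_owner
 * when running as client_euid? Same user always passes; any socket
 * passes for a root client only when allow_root is set. */
bool client_accepts(uid_t socket_owner, uid_t client_euid, bool allow_root)
{
    return socket_owner == client_euid || (allow_root && client_euid == ROOT_UID);
}

/* Owner of a trigger file, read without following symlinks; anything
 * other than a regular file is rejected. Returns 0 on success, -1 otherwise. */
int trigger_file_owner(const char *path, uid_t *owner)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    *owner = st.st_uid;
    return 0;
}

int main(void)
{
    const uid_t app = 1000, other = 1001;   /* constructed UIDs */
    printf("root tool, app JVM, strict:   %d\n", target_accepts(ROOT_UID, app, false));
    printf("root tool, app JVM, relaxed:  %d\n", target_accepts(ROOT_UID, app, true));
    printf("other tool, app JVM, relaxed: %d\n", target_accepts(other, app, true));
    printf("app tool, root JVM, relaxed:  %d\n", client_accepts(ROOT_UID, app, true));
    return 0;
}
```

The exception is one-directional: a root-run tool reaches a user's process, while an unprivileged tool is still refused by a process owned by root or by another user.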