Hi David,

In addition to what Thomas said, I just wanted to mention that currently jcmd
started with elevated privileges ("sudo jcmd") already lists all VM processes
running on the host machine, and the assumption is that every process in this
list could be used by jcmd for further communication (e.g. "sudo jcmd <PID>
help"). However, jcmd fails to connect to VMs from the list "sudo jcmd" returns
if the VM process was started by another user. These changes were supposed to
fix this inconsistency in jcmd behavior.

Best regards,
Daniil


On 5/23/18, 9:55 PM, "Thomas Stüfe" <thomas.stu...@gmail.com> wrote:

    Hi Daniil, David,
    
    I think this fix makes a lot of sense.
    
    First off, contacting a VM with foreign jcmd should not cause the VM
    to sputter out thread dumps, nor should jcmd hang and timeout after 10
    seconds (which it does). So I'd consider that a bug in any case.
    
    If the desired behavior is really that root shall not see and/or be
    able to contact VMs started from a different UID, then this should be
    handled gracefully and fast.
    
    However, I think we want jcmd started by root to see all processes and
    be able to contact all processes. It is not a security issue, we
    agree, yes? Since we are root anyway and can su to be everyone, it
    would be security-by-inconvenience :)
    
    So the only reason one would want to prevent root from seeing other
    user's processes is because one wants to see only root's processes.
    Like in a scenario where tons of processes run on a machine, only some
    of them root. But in my experience, this is not a common scenario. It
    is way more common (and expected behavior) to want to see everything
    as root.
    
    We have a very similar tool in our port (which may slowly phase out in
    favour of jcmd), and that tool behaves just like that: when root, you
    see everything and can contact everyone. Our support people need that
    too.
    
    Just my 5 cent.
    
    Thanks, Thomas
    
    
    
    On Thu, May 24, 2018 at 4:53 AM, David Holmes <david.hol...@oracle.com> wrote:
    > Hi Daniil,
    >
    > I'm not sure I can accept on face-value the proposition that root "must be
    > allowed to access all VM processes". I can see it may be convenient in some
    > cases. But is it really necessary? Is it always desirable? I'd like to know
    > what a sys admin might think of this. :)
    >
    > Further root can always "su" to another user and run jcmd that way.
    >
    > Cheers,
    > David
    >
    >
    > On 24/05/2018 11:11 AM, Daniil Titov wrote:
    >>
    >> Please review the changes that fix JDK-8197387.
    >>
    >> There are 2 problems here:
    >> 1. JVM ignores the .attach_pid<pid> file if it is owned by a user different
    >> from the one that owns this JVM process
    >> 2. jcmd checks that the .java_pid<pid> socket is owned by the same user that
    >> runs jcmd and reports an error otherwise
    >>
    >> The fix relaxes these checks to allow jcmd started by "root" (UID = 0)
    >> to access JVMs started by other users.
    >>
    >> Bug: https://bugs.openjdk.java.net/browse/JDK-8197387
    >> Webrev: http://cr.openjdk.java.net/~dtitov/8197387/webrev.01/
    >>
    >> Best regards,
    >> Daniil
    >>
    >>
    >
    


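The two ownership checks named in the quoted review request, modelled as an added example; this is not part of the thread and is not HotSpot or jcmd code. The function names and the `relaxed` flag are hypothetical, the UIDs are constructed, and the exact shape of the relaxation is an assumption based on the description "allow jcmd started by root (UID = 0)".

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* JVM side (problem 1): honour a .attach_pid<pid> trigger file only if it is
 * owned by the JVM's own effective UID; relaxed mode also accepts root (0). */
int jvm_accepts_trigger(uid_t file_owner, uid_t jvm_euid, int relaxed)
{
    return file_owner == jvm_euid || (relaxed && file_owner == 0);
}

/* Client side (problem 2): trust a .java_pid<pid> socket only if it is owned
 * by the caller; relaxed mode also lets a caller running as root connect. */
int client_accepts_socket(uid_t sock_owner, uid_t client_euid, int relaxed)
{
    return sock_owner == client_euid || (relaxed && client_euid == 0);
}

/* Apply the JVM-side policy to a path. lstat() keeps a symlink planted in a
 * shared directory from being followed; anything but a regular file is refused. */
int trigger_file_permitted(const char *path, uid_t jvm_euid, int relaxed)
{
    struct stat st;

    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return jvm_accepts_trigger(st.st_uid, jvm_euid, relaxed);
}

int main(void)
{
    /* Constructed UIDs: 1000 owns the JVM, 0 is root running "sudo jcmd". */
    printf("strict : trigger=%d socket=%d\n",
           jvm_accepts_trigger(0, 1000, 0), client_accepts_socket(1000, 0, 0));
    printf("relaxed: trigger=%d socket=%d\n",
           jvm_accepts_trigger(0, 1000, 1), client_accepts_socket(1000, 0, 1));
    /* A third, unprivileged user (1001) is refused in both modes. */
    printf("other  : trigger=%d socket=%d\n",
           jvm_accepts_trigger(1001, 1000, 1), client_accepts_socket(1000, 1001, 1));
    return 0;
}
```

In this model the relaxation widens trust only toward UID 0 on each side; a different unprivileged user is still refused, which is the property to check when reviewing a change of this kind.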