On 30/04/2023 23:24, Ron Pressler wrote:
> Hi Mike!
>
> On 30 Apr 2023, at 19:59, Mike Hearn <m...@plan99.net> wrote:
>
>>> we’ve begun to explore means other than the flag to allow a tool to load an agent at runtime
>>
>> How about restricting access to the jcmd socket? For in-VM code it can
>> be blocked at the filesystem implementation level, and for
>> sub-processes by using the operating system APIs to determine if the
>> other side of the socket is part of the same process tree at connect
>> time. This would avoid the need for new UI to re-enable existing jcmd
>> functionality, whilst preventing code loaded into the VM from
>> connecting back to that same VM. Only truly external tools could
>> trigger agent loading, or modules that had been given permission to do
>> that.
>
> Determining the process on the other side and/or maintaining the integrity of the process tree is not easy on all OSes.

Right, it's feasible to get the peer pid on some platforms, but you can't rely on the process tree due to re-parenting when a parent terminates.

-Alan
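To make concrete what Mike proposes and why Alan's objection bites, here is an added example (not code from the thread, the JDK, or jcmd) in Python. It assumes Linux: the peer pid of a Unix-domain socket comes from `SO_PEERCRED`, and parentage is read from `/proc/<pid>/stat`. The process tree used for the demonstration is constructed, not read from a real system, and it includes a process whose parent has exited and been re-parented to pid 1, which is exactly the case where the "same process tree" check gives the wrong answer.

```python
import os
import socket
import struct
from typing import Callable, Optional

# /proc/<pid>/stat looks like: "200 (java (x)) S 100 200 200 0 -1 ...".
# The comm field sits in parentheses and may itself contain spaces or ')',
# so split on the last ')' and take the field after the state letter.
def parse_stat_ppid(stat_line: str) -> int:
    rest = stat_line[stat_line.rindex(")") + 2:]
    fields = rest.split()          # fields[0] = state, fields[1] = ppid
    return int(fields[1])


def read_ppid(pid: int) -> Optional[int]:
    """Parent pid from procfs, or None if the process is gone or unreadable."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            return parse_stat_ppid(f.read())
    except (FileNotFoundError, ProcessLookupError, PermissionError):
        return None


def is_descendant(pid: int, ancestor: int,
                  ppid_of: Callable[[int], Optional[int]]) -> bool:
    """Walk pid -> parent -> ... and report whether `ancestor` is on the chain.

    The walk stops at pid 1 (init, the re-parenting target) or when the
    chain breaks. `pid == ancestor` counts as a match. `ppid_of` is
    injected so the logic can be exercised on a constructed tree.
    """
    seen = set()
    cur: Optional[int] = pid
    while cur is not None and cur > 1 and cur not in seen:
        if cur == ancestor:
            return True
        seen.add(cur)
        cur = ppid_of(cur)
    return False


def peer_pid(conn: socket.socket) -> int:
    """Linux-only: pid of the process on the other end of a Unix socket."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                            struct.calcsize("3i"))
    pid, _uid, _gid = struct.unpack("3i", creds)   # struct ucred
    return pid


def peer_is_in_my_tree(conn: socket.socket) -> bool:
    """The check Mike sketches: accept only peers descended from this VM."""
    return is_descendant(peer_pid(conn), os.getpid(), read_ppid)


# Constructed process tree (hypothetical pids, not a real system):
#   1 (init) -> 100 (JVM) -> 200 (tool the JVM spawned) -> 300 (grandchild)
#   400 was spawned under 100 via a parent that has since exited; the kernel
#   re-parented it to 1, so its chain now reads 400 -> 1 (Alan's objection).
#   500 is an unrelated process started by the user.
CONSTRUCTED_TREE = {100: 1, 200: 100, 300: 200, 400: 1, 500: 1}
JVM_PID = 100


def classify(pid: int) -> bool:
    """Decision the JVM would make for a connecting `pid` in the constructed tree."""
    return is_descendant(pid, JVM_PID, CONSTRUCTED_TREE.get)


if __name__ == "__main__":
    for pid in (300, 400, 500):
        print(pid, "accepted" if classify(pid) else "rejected")
```

The walk correctly admits 300 and rejects the unrelated 500, but it also rejects 400, a process the JVM genuinely started, because the intermediate parent died and the chain was rewritten to point at init. That is the integrity problem Alan describes: the answer depends on which processes happen to be alive at connect time, so the check can only ever be a heuristic. On non-Linux platforms both `SO_PEERCRED` and `/proc` are absent, which is the "not easy on all OSes" half of the objection.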
