-
Bug
-
Resolution: Fixed
-
P3
-
8u171, 10.0.1, 11
-
b17
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8204727 | 11.0.1 | Daniil Titov | P3 | Resolved | Fixed | team |
JDK-8292949 | 8u361 | Larry Cable | P3 | Resolved | Fixed | b01 |
JDK-8295061 | 8u351 | Larry Cable | P3 | Resolved | Fixed | b31 |
JDK-8293414 | 8u341 | Larry Cable | P3 | Closed | Fixed | b32 |
The case is when the user B (root) tries to access with jcmd tool the Java process started by user A.
If user B is the root then launching jcmd without any arguments lists ALL Java processes running regardless what user started them. But trying to access the processes started by another user with jcmd (jcmd <pid or main class name> <jcmd commad>) results in the the Java process dumps threads in the standard output and jcmd prints AttachNotSupportedException.
Below are the steps to reproduce.
1. Login to Oracle Linux 7.4 machine as user (e.g. test) and launch some Java process , e.g. "/jdk/bin/java -cp /test/test.jar SimpleProcess"
2. While the Java process is running connect to the same machine as another user and invoke jcmd to see the list of available commands for this VM (e.g. "sudo /jdk/bin/jcmd SimpleProcess help"; withouts "sudo" jcmd does not see the process started by another user)
Expected result:
Jcmd prints the list of the available commands for the specified Java process
Actual results:
Java process: starts outputting the full thread dump ( see attachment)
Jcmd: prints process id and then throws an exception: com.sun.tools.attach.AttachNotSupportedException: Unable to open socket file /proc/27245/root/tmp/.java_pid27245: target process 27245 doesn't respond within 10500ms or HotSpot VM not loaded
at jdk.attach/sun.tools.attach.VirtualMachineImpl.<init>(VirtualMachineImpl.java:100)
at jdk.attach/sun.tools.attach.AttachProviderImpl.attachVirtualMachine(AttachProviderImpl.java:58)
at jdk.attach/com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:207)
at jdk.jcmd/sun.tools.jcmd.JCmd.executeCommandForPid(JCmd.java:114)
at jdk.jcmd/sun.tools.jcmd.JCmd.main(JCmd.java:98)
[opc@serviceability-1 ~]$
If user B is the root then launching jcmd without any arguments lists ALL Java processes running regardless what user started them. But trying to access the processes started by another user with jcmd (jcmd <pid or main class name> <jcmd commad>) results in the the Java process dumps threads in the standard output and jcmd prints AttachNotSupportedException.
Below are the steps to reproduce.
1. Login to Oracle Linux 7.4 machine as user (e.g. test) and launch some Java process , e.g. "/jdk/bin/java -cp /test/test.jar SimpleProcess"
2. While the Java process is running connect to the same machine as another user and invoke jcmd to see the list of available commands for this VM (e.g. "sudo /jdk/bin/jcmd SimpleProcess help"; withouts "sudo" jcmd does not see the process started by another user)
Expected result:
Jcmd prints the list of the available commands for the specified Java process
Actual results:
Java process: starts outputting the full thread dump ( see attachment)
Jcmd: prints process id and then throws an exception: com.sun.tools.attach.AttachNotSupportedException: Unable to open socket file /proc/27245/root/tmp/.java_pid27245: target process 27245 doesn't respond within 10500ms or HotSpot VM not loaded
at jdk.attach/sun.tools.attach.VirtualMachineImpl.<init>(VirtualMachineImpl.java:100)
at jdk.attach/sun.tools.attach.AttachProviderImpl.attachVirtualMachine(AttachProviderImpl.java:58)
at jdk.attach/com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:207)
at jdk.jcmd/sun.tools.jcmd.JCmd.executeCommandForPid(JCmd.java:114)
at jdk.jcmd/sun.tools.jcmd.JCmd.main(JCmd.java:98)
[opc@serviceability-1 ~]$
- backported by
-
JDK-8204727 jcmd started by "root" must be allowed to access all VM processes
- Resolved
-
JDK-8292949 jcmd started by "root" must be allowed to access all VM processes
- Resolved
-
JDK-8295061 jcmd started by "root" must be allowed to access all VM processes
- Resolved
-
JDK-8293414 jcmd started by "root" must be allowed to access all VM processes
- Closed