[JDK-8297451] ProcessHandleImpl should assert privilege when modifying reaper thread - Java Bug System

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P3
Resolution: Fixed
Affects Version/s: 19, 19.0.1
Fix Version/s: 20
Component/s: core-libs
Labels:

Subcomponent:
java.lang
Resolved In Build:
b26
Verification:
Verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8297721	19.0.2	Chris Hegarty	P3	Resolved	Fixed	b07

Description

Changes in JDK 19 result in modifying the process reaper thread
properties, namely `setDaemon` and `setName` without asserting
privileges, which can (depending on your security manager
implementation) result in checking the callers permissions, and its
callers permissions, etc, all the way to the thread's inherited access
control context - which is effectively empty for these threads, since
the repeater threads are innocuous. These operations should be invoked
within doPriv blocks.

Specifically, this is only an issue when running with a security manager
implementation that is more restrictive than that of the default
security manager implementation of checkAccess(Thread).

This issue has been filed to track an issue raised on core-libs-dev:
https://mail.openjdk.org/pipermail/core-libs-dev/2022-November/thread.html#97035

Attachments

Issue Links

backported by

JDK-8297721 ProcessHandleImpl should assert privilege when modifying reaper thread

Resolved

relates to

JDK-8284165 Add pid to process reaper thread name

Resolved

JDK-8279488 ProcessBuilder inherits contextClassLoader when spawning a process reaper thread

Closed

links to

Commit openjdk/jdk19u/998a6f51

Commit openjdk/jdk/50f9043c

Review openjdk/jdk19u/96

Review openjdk/jdk/11309

(2 links to)

Activity

People

Assignee:: Ryan Ernst

Reporter:: Chris Hegarty

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2022-11-22 12:19

Updated:: 2023-01-31 03:44

Resolved:: 2022-11-26 12:07