Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8303619

Runtime.exec and ProcessBuilder.start should use System logger

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P4 P4
    • 21
    • core-libs
    • None
    • behavioral
    • minimal
    • Hide
      There is no change to the behavior of starting processes.
      The logging is conditional on the logging configuration and is transparent to the process launch.
      Show
      There is no change to the behavior of starting processes. The logging is conditional on the logging configuration and is transparent to the process launch.
    • Java API
    • JDK

      Summary

      Runtime.exec and ProcessBuilder.start should log the start of new processes.

      Problem

      Runtime.exec and ProcessBuilder.start methods create a new operating system process with the program and arguments. Many applications configure a logging subsystem to monitor application events. Logging a process start message with the command, arguments, directory, pid and stack trace can identify the caller and purpose.

      The command and arguments may contain sensitive security information and logging should not be on by default. Application logs can contain sensitive information and logging levels should be reviewed for security risks.

      Logging of the start event is complementary to the process start event generated for JFR (Java Flight Recorder) in JDK-8222000.

      Solution

      The command, arguments, directory used to create the process are logged to the system logger along with the process id and a stack trace when enabled. When enabled for Level.DEBUG only the process id, directory, command, and stack trace are logged. When enabled for Level.TRACE the arguments are included with the process id, directory, command, and stack trace.

      Specification

      An @implNote is added to java.lang.ProcessBuilder.start()

       * @implNote
       * In the reference implementation, logging of the command, arguments, directory, 
       * stack trace, and process id can be enabled.
       * The logged information may contain sensitive security information and the potential exposure
       * of the information should be carefully reviewed.
       * Logging of the information is enabled when the logging level of the
       * {@linkplain System#getLogger(String) system logger} named {@code java.lang.ProcessBuilder}
       * is {@link System.Logger.Level#DEBUG Level.DEBUG} or {@link System.Logger.Level#TRACE Level.TRACE}.
       * When enabled for {@code Level.DEBUG} only the process id, directory, command, and stack trace
       * are logged.
       * When enabled for {@code Level.TRACE} the arguments are included with the process id,
       * directory, command, and stack trace.

      The ProcessBuilder.startPipeline method has the following:

       * @implNote
       * In the reference implementation, logging of each process created can be enabled, 
       * see {@link ProcessBuilder#start()} for details.

      An @implNote is added to each exec method of java.lang.Runtime:

      • exec(String command)
      • exec(String command, String[] envp)
      • exec(String command, String[] envp, File dir)
      • exec(String[] cmdarray)</code></li>
        <li><code class="prettyprint" >exec(String[] cmdarray, String[] envp)</code></li>
        <li><code class="prettyprint" >exec(String[] cmdarray, String[] envp, File dir)

      The implNote is:

       * @implNote
       * In the reference implementation, logging of the created process can be enabled, 
       * see {@link ProcessBuilder#start()} for details.

            rriggs Roger Riggs
            rriggs Roger Riggs
            Alan Bateman, Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: