Disallowing the dynamic loading of agents by default (revised)
Alan.Bateman at oracle.com
Thu Apr 6 07:56:34 UTC 2017
On 05/04/2017 17:55, David M. Lloyd wrote:
> This is just plain weird from a security perspective, to say that
> unrelated processes have more privilege to control the current process
> than processes that are closely related.
> Anyway this is yet another case where arbitrary artificial hurdles are
> put in place for the purpose of human behavior modification. Such
> hurdles can always be bypassed, generally resulting in even uglier
> situations that the one you're trying to avoid. In this case I can
> just fire a child process and then attach to it from the parent. Or
> fire off two sibling processes and have one attach to the other.
> Nothing is being saved here.
This thread/proposal is concerned with libraries using APIs intended for
tools to do brain surgery in the current VM. Launching VMs and attaching
to those VMs isn't a concern, no issue with sibling VMs attaching to
each other either either.
More information about the jigsaw-dev