Module jdk.attach

Class AttachPermission

All Implemented Interfaces:
Serializable, Guard

public final class AttachPermission
extends BasicPermission
When a SecurityManager set, this is the permission which will be checked when code invokes VirtualMachine.attach to attach to a target virtual machine. This permission is also checked when an AttachProvider is created.

An AttachPermission object contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't. The following table provides a summary description of what the permission allows, and discusses the risks of granting code the permission.

Table shows permission target name, what the permission allows, and associated risks
Permission Target Name What the Permission Allows Risks of Allowing this Permission
attachVirtualMachine Ability to attach to another Java virtual machine and load agents into that VM. This allows an attacker to control the target VM which can potentially cause it to misbehave.
createAttachProvider Ability to create an AttachProvider instance. This allows an attacker to create an AttachProvider which can potentially be used to attach to other Java virtual machines.

Programmers do not normally create AttachPermission objects directly. Instead they are created by the security policy code based on reading the security policy file.

See Also:
VirtualMachine, AttachProvider, Serialized Form
  • Constructor Details