When a {@link java.lang.SecurityManager SecurityManager} set, thisis the permission which will be checked when code invokes {@link VirtualMachine#attach VirtalMachine.attach} to attach to a target virtualmachine. This permission is also checked when an {@link com.sun.tools.attach.spi.AttachProvider AttachProvider} is created.
An AttachPermission
object contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't. The following table provides a summary description of what the permission allows, and discusses the risks of granting code the permission.
Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
attachVirtualMachine | Ability to attach to another Java virtual machine and load agents into that VM. | This allows an attacker to control the target VM which can potentially cause it to misbehave. |
createAttachProvider | Ability to create an AttachProvider instance. | This allows an attacker to create an AttachProvider which can potentially be used to attach to other Java virtual machines. |
Programmers do not normally create AttachPermission objects directly. Instead they are created by the security policy code based on reading the security policy file.
@see com.sun.tools.attach.VirtualMachine
@see com.sun.tools.attach.spi.AttachProvider