jstack - well-known file is not secure

Backend | Unresolved | 10 | 1963
礼貌的吻别 2021-01-01 08:37

I am running tomcat 5.5 on x86_64 CentOS 5.7 using 32-bit Oracle Java 1.6.0.

The JVM process used by Tomcat has pid 6421. Tomcat is working fine.

When run

10 answers
  • 2021-01-01 09:13

    I just would like to add that you might need to specify your /tmp directory with the -J option, since not all apps use the default one:

    jstack -J-Djava.io.tmpdir=PATH -l PID
    
  • 2021-01-01 09:13

    This is the one liner I use to make sure I'm always using the correct user permissions:

    proc="my-process-name"; pid=$(pgrep -f "${proc}"); sudo -u "#$(ps -o uid= -p "${pid}" | tr -d ' ')" /usr/bin/jstack -l "${pid}" > /mnt/dumps/"${proc}"-$(date +%s).txt
    
  • 2021-01-01 09:18

    Besides running with the same user, make sure that the group id of the user running jstack/jmap is also the same as that of the process.

    Take a look at the source code that checks for file permission (line 347). We can see that the function getting the group id does not return an array, so it is possible that the user which started the process has other groups.

    You might have to change the primary group of the user:

    #usermod -g group -G user user

  • 2021-01-01 09:19

    When -F is used, the JVM will be frozen.

    If you can find the file /tmp/hsperfdata_$USER/$PID, just try to switch to $USER and then exec jstack. You are running as "root", but that process may not belong to root.

    If $USER does not have a login shell (i.e. daemon users), and you thus cannot switch to that user, you can work around this by using sudo -u $USER jstack $PID

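Combining the advice of the answers above (same uid, same primary gid, and the JVM's own java.io.tmpdir for the hsperfdata file), here is an added example that is not from the thread: a POSIX shell script that reads the target JVM's credentials and tmpdir from /proc and runs jstack under them via sudo. It assumes Linux /proc, sudo, and jstack on PATH; the helper names are the script's own.

```shell
#!/bin/sh
# jstack-as-owner.sh (added example, not from the thread): run jstack with the
# exact uid/gid of the JVM process so the hsperfdata permission check passes.
set -eu

# Real uid / gid of a process, read from /proc/<pid>/status rather than
# parsing ps column layout (robust for root's short "0" uid as well).
proc_uid() { awk '/^Uid:/ { print $2 }' "/proc/$1/status"; }
proc_gid() { awk '/^Gid:/ { print $2 }' "/proc/$1/status"; }

# java.io.tmpdir from an argv list (one argument per line); defaults to /tmp.
# The JVM writes hsperfdata_<user>/<pid> under this directory, and jstack
# must look in the same place, hence -J-Djava.io.tmpdir below.
tmpdir_from_args() {
    dir=$(printf '%s\n' "$1" | sed -n 's/^-Djava\.io\.tmpdir=//p' | head -n 1)
    printf '%s\n' "${dir:-/tmp}"
}

# Path of the perf-data file jstack attaches through: <tmpdir>/hsperfdata_<user>/<pid>
hsperf_file() { printf '%s/hsperfdata_%s/%s\n' "$1" "$2" "$3"; }

# Usage: jstack_as_owner <pid>  (writes the thread dump to stdout)
jstack_as_owner() {
    pid=$1
    uid=$(proc_uid "$pid")
    gid=$(proc_gid "$pid")
    user=$(getent passwd "$uid" | cut -d: -f1)
    args=$(tr '\0' '\n' < "/proc/$pid/cmdline")
    tmpdir=$(tmpdir_from_args "$args")
    perf=$(hsperf_file "$tmpdir" "$user" "$pid")
    # Missing file usually means -XX:-UsePerfData or a different tmpdir.
    [ -e "$perf" ] || echo "warning: $perf not found; attach may fail" >&2
    # "#<id>" lets sudo take numeric uid/gid, so daemon users without a
    # login shell work too; -g "#gid" matches the primary group check.
    sudo -u "#$uid" -g "#$gid" jstack -J-Djava.io.tmpdir="$tmpdir" -l "$pid"
}
```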