The JVM Tool Interface (JVMTI) contains extensive facilities to find out about the internals of a running JVM, including facilities to monitor and modify a running Java program. These facilities are rather low level and require the use of the Java Native Interface (JNI) and C language programming. However, they provide the opportunity to access fields that would normally be inaccessible. There are also facilities that can change the behavior of a running Java program (for example, threads can be suspended or stopped). Its profiling facilities also allow measuring the time that a thread takes to execute, leaving applications vulnerable to timing attacks.
Noncompliant Code Example
The JVMTI works by using agents that communicate with the running JVM. These agents are usually loaded at JVM startup via one of the command line options -agentlib: or -agentpath:.
```
${JDK_PATH}/bin/java -agentlib:libname ApplicationName
```
Some JVMs also allow agents to be loaded into a JVM that is already running. On platforms that support environment variables, agents can also be specified through such variables, although this feature can be disabled where security is a concern. The JVMTI is always enabled, and JVMTI agents may run under the default security manager without requiring any permissions to be granted. While JVMTI is useful for debuggers and profilers, this level of access may be inappropriate for all users of the system on which the JVM runs.
Compliant Solution
To be compliant, ensure that the JVMTI is disabled by default. A JVM that is already running should not be vulnerable to JVMTI-based attacks.
```
TODO
```
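As an added example (not code from the CERT page), the following POSIX shell function audits a JVM launch for the three conditions this recommendation describes: agents passed on the command line, agents injected through the environment, and a JVM that still accepts agents after it is running. It assumes the HotSpot flag -XX:+DisableAttachMechanism as the way to close the "already running" route and JAVA_TOOL_OPTIONS as the environment variable the text refers to; the command lines it checks are constructed test inputs.

```shell
#!/bin/sh
# Added example, not part of the CERT page. Audit a JVM launch command line and the
# value of JAVA_TOOL_OPTIONS for JVMTI agent loading. Assumes HotSpot's
# -XX:+DisableAttachMechanism flag closes the "attach to a running JVM" route.

# audit_jvm_launch "<java command line>" "<value of JAVA_TOOL_OPTIONS>"
# Prints one finding per line; returns 0 when nothing was flagged, 1 otherwise.
audit_jvm_launch() {
    cmdline=$1
    tool_opts=$2
    status=0
    attach_disabled=0

    set -f    # no pathname expansion while splitting the option strings into words
    for tok in $cmdline $tool_opts; do
        case $tok in
            -agentlib:*|-agentpath:*|-javaagent:*)
                echo "AGENT $tok"        # an agent (JVMTI or java.lang.instrument) is loaded
                status=1 ;;
            -XX:+DisableAttachMechanism)
                attach_disabled=1 ;;
        esac
    done
    set +f

    # A non-empty JAVA_TOOL_OPTIONS means whoever controls the environment can add
    # options, including agents, that the operator never reviewed.
    if [ -n "$tool_opts" ]; then
        echo "ENV JAVA_TOOL_OPTIONS=$tool_opts"
        status=1
    fi

    # Without the flag, a local tool can still load agents into the running JVM.
    if [ "$attach_disabled" -eq 0 ]; then
        echo "ATTACH mechanism still enabled"
        status=1
    fi
    return "$status"
}

# Constructed inputs: one hardened launch, one with an agent injected via the environment.
for case_no in 1 2; do
    if [ "$case_no" -eq 1 ]; then
        audit_jvm_launch "java -XX:+DisableAttachMechanism -cp app.jar App" ""
    else
        audit_jvm_launch "java -cp app.jar App" "-agentlib:hprof"
    fi && echo "case $case_no: OK" || echo "case $case_no: REVIEW"
done
```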
Risk Assessment
Failing to appreciate that a Java application can be monitored and modified via the JVM Tool Interface may lead to an application being deployed that is open to attack via this route from malicious users.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
ENV01-J | low | unlikely | medium | P2 | L3
...