Versions Compared


The JVM Tool Interface (JVMTI) contains extensive facilities to query the internals of a JVM, including facilities to monitor and modify a running Java program. These low-level facilities require the use of the Java Native Interface (JNI) and C programming.

The JVMTI provides access to fields that would normally be inaccessible. Also, there are facilities that can change the behavior of a running Java program (for example, threads can be suspended or stopped). JVMTI profiling tools can also measure the time that a thread takes to execute, leaving applications vulnerable to timing attacks.

Noncompliant Code Example

The JVMTI works by using agents that communicate with the running JVM. These agents are usually loaded at JVM startup via one of the command-line options -agentlib or -agentpath.

...

Some JVMs allow agents to be started when the JVM is already running. Also, platforms that support environment variables allow agents to be specified in such variables, although this feature can be disabled where security is a concern. The JVMTI is always enabled by default, and JVMTI agents may run under the default security manager without requiring any permissions to be granted. While JVMTI may be useful for debuggers and profilers, such levels of access may be inappropriate for all users of the system on which the JVM runs.

Compliant Solution

Do not start the JVM on an operational machine with any agents enabled.

    ${JDK_PATH}/bin/java -Djava.security.manager ApplicationName

Also, it is necessary to disable the environment variable JAVA_TOOL_OPTIONS so that JVMTI agents cannot be specified by this mechanism.
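As an added example (not the CERT page's own code), a POSIX sh preflight check and launcher that applies the compliant solution: it scans the command-line arguments and the JVM's startup environment variables for agent options and starts java with the security manager only when none is present. JAVA_TOOL_OPTIONS is the variable the page names; _JAVA_OPTIONS and JDK_JAVA_OPTIONS are other variables the JDK reads and are added here; JDK_PATH and the application class are placeholders.

```shell
#!/bin/sh
# Added example, not part of the CERT page: a preflight check and a hardened
# launcher that refuse to start the JVM when a JVMTI agent could be loaded.

# Return 0 if the option string would load an agent, 1 otherwise.
# -agentlib and -agentpath are the options the page names; -javaagent loads a
# java.lang.instrument agent, which is built on JVMTI as well.
has_agent_option() {
    case " $1 " in
        *" -agentlib:"*|*" -agentpath:"*|*" -javaagent:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Scan the environment variables the JVM reads at startup. JAVA_TOOL_OPTIONS is
# the one the page names; _JAVA_OPTIONS (HotSpot) and JDK_JAVA_OPTIONS (JDK 9+)
# are also honoured. Prints each variable that carries an agent option and
# returns 0 only if none does.
env_agent_vars() {
    clean=0
    for var in JAVA_TOOL_OPTIONS _JAVA_OPTIONS JDK_JAVA_OPTIONS; do
        eval "val=\${$var:-}"
        if has_agent_option "$val"; then
            echo "$var"
            clean=1
        fi
    done
    return $clean
}

# Start the application the way the compliant solution does: agent-bearing
# environment variables scrubbed, the security manager enabled, and no agent
# option accepted on the command line. JDK_PATH is the page's placeholder.
launch_hardened() {
    unset JAVA_TOOL_OPTIONS _JAVA_OPTIONS JDK_JAVA_OPTIONS
    for arg in "$@"; do
        if has_agent_option "$arg"; then
            echo "refusing to start the JVM with agent option: $arg" >&2
            return 2
        fi
    done
    exec "${JDK_PATH:?JDK_PATH must be set}/bin/java" -Djava.security.manager "$@"
}
```

Run `env_agent_vars` in the deployment script before `launch_hardened ApplicationName`; a non-zero status names the variable that would have injected an agent.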

Risk Assessment

Deploying a Java application that can be monitored and modified using the JVM Tool Interface significantly increases the risk of attack.

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
ENV01-J          low        unlikely     medium             P2         L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


...