An AttachPermission object contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't. The following table provides a summary description of what the permission allows, and discusses the risks of granting code the permission.
| Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
|---|---|---|
| attachVirtualMachine | Ability to attach to another Java virtual machine and load agents into that VM. | This allows an attacker to control the target VM which can potentially cause it to misbehave. |
| createAttachProvider | Ability to create an AttachProvider instance. | This allows an attacker to create an AttachProvider which can potentially be used to attach to other Java virtual machines. |
Programmers do not normally create AttachPermission objects directly. Instead they are created by the security policy code based on reading the security policy file. @see com.sun.tools.attach.VirtualMachine @see com.sun.tools.attach.spi.AttachProvider
| |
| |