Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8221837

Disable VerifySharedSpaces by default

    Details

    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Interface Kind:
      add/remove/modify command line option
    • Scope:
      Implementation

      Description

      Summary

      Change the default value of VerifySharedSpaces to always be false.

      Problem

      Currently, when starting the VM with -XX:SharedArchiveFile=, the value of VerifySharedSpaces changes from false (default CDS archives are not verified) to true. This has a significant startup cost, which undermines the intended purpose of using -XX:SharedArchiveFile / AppCDS, while not bringing any security benefits (if an attacker can tamper with the archive file we'll run, they can replace it completely with a version that will pass these integrity checks)

      Solution

      Remove the heuristic that sets VerifySharedSpaces to true when running with a user specified shared archive.

      Specification

      VerifySharedSpaces will be set to false in all configurations.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                redestad Claes Redestad
                Reporter:
                redestad Claes Redestad
                Reviewed By:
                David Holmes, Ioi Lam
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: