mlockall_agent icon indicating copy to clipboard operation
mlockall_agent copied to clipboard

verified publisher icon toddlipcon

Metadata

JVMTI agent which calls mlockall and setuids down to a target user upon initialization

Overview:

mlockall_agent is a simple JVMTI agent that runs a small piece of code at JVM start time.

This code does the following:

  • Raises the current process's resource limit for locked memory
  • Calls mlockall() to lock all current and future allocations in wired memory
  • Sets the current userid and group list to match a target user
  • Continues on JVM initialization

Usage:

Simply add the following JVM argument to the Java command line: -agentpath:/path/to/libmlockall_agent.so=user=target_user_for_setuid

Then, run the Java process as root.

If the Java command line is obscured within a script, you can also use the JAVA_TOOL_OPTIONS environment variable for the same effect.

Metadata

21
Stars
6
Forks
Watchers

Owner

verified publisher icon toddlipcon

Metadata

JVMTI agent which calls mlockall and setuids down to a target user upon initialization

Back