The tools.jar
in the JDK contains an API for attaching to a running JVM—the Java Attach API. This is the API used by Mission Control to automatically detect the locally running JVMs. The same framework is also utilized by JRCMD to invoke diagnostic commands.
When a JVM is started, an entry will be created in the temporary directory of the user starting the JVM process. These entries can then be used by JRCMD, through the Java Attach API, to find the JVMs started by the same user as the one running JRCMD. For this to be secure, the Attach API relies on a properly set up temporary directory on a file system with per-file access rights. This means that if the folder is on an insecure file system, such as FAT; JRCMD will not work. It also means that the user running JRCMD and the user running the Java process must be the same. Another implication is that a Java process running as a service on Windows will not be reachable from a JRCMD started from the desktop—they are running...