Patchkit 5 Patchkit 5
javaexecutedata - Mark JAVA libraries exempt for Buffer Overflow Protection
/usr/sbin/javaexecutedata [-f] dirname
-f force a file to be marked exempt even if it is in use. The file is
copied, marked, and then moved back to the original file name.
use the directory specified as the starting directory. The default is
This script is intended to be run immediately following the installation of
the UNIX patch kit that contains the Buffer Overflow Protection security
Java libraries throughout the system need to be marked in order for Java
applications, that run with privilege, to continue to run properly. In
most cases, this will apply only to applications run as root. The recom-
mended level of security for the patch kit is such that it only effects
applications run as root or suid root. Customers can set the protection
such that all processes would be effected but this is unnecessary and
undesirable, especially for Java applications.
The tunable only effects applications run as root or suid root. This script
is intended to be run initially without specifying a directory name so that
it will search in standard locations throughout the system for Java
libraries, setting them exempt using the chatr utility. Each time a file
is chatr'ed, the output from the chatr tool will appear on the screen. All
installed Java development kits, Java Runtime Environment kits, and operat-
ing system tools that include JREs will be effected by this operation.
If you have Java applications (that include a JRE) or JNI programs, you may
need to run this script again to mark those Java libraries. The script can
be invoked by providing a directory name to exempt Java libraries that are
found under that directory tree. If an application that depends on Java
begins to fail after installing the security patch, this script is a con-
venient method for setting the appropriate Java libraries exempt in that
Specifies the command path.