unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



javaexecutedata(8)					   javaexecutedata(8)
Patchkit 5							   Patchkit 5



NAME

  javaexecutedata - Mark JAVA libraries	exempt for Buffer Overflow Protection
  security feature

SYNOPSIS

  /usr/sbin/javaexecutedata [-f] dirname

OPTIONS

  -f  force a file to be marked	exempt even if it is in	use. The file is
      copied, marked, and then moved back to the original file name.

  directory
      use the directory	specified as the starting directory. The default is
      /usr/opt.

DESCRIPTION

  This script is intended to be	run immediately	following the installation of
  the UNIX patch kit that contains the Buffer Overflow Protection security
  feature.

  Java libraries throughout the	system need to be marked in order for Java
  applications,	that run with privilege, to continue to	run properly.  In
  most cases, this will	apply only to applications run as root.	 The recom-
  mended level of security for the patch kit is	such that it only effects
  applications run as root or suid root.  Customers can	set the	protection
  such that all	processes would	be effected but	this is	unnecessary and
  undesirable, especially for Java applications.

  The tunable only effects applications	run as root or suid root. This script
  is intended to be run	initially without specifying a directory name so that
  it will search in standard locations throughout the system for Java
  libraries, setting them exempt using the chatr utility.  Each	time a file
  is chatr'ed, the output from the chatr tool will appear on the screen.  All
  installed Java development kits, Java	Runtime	Environment kits, and operat-
  ing system tools that	include	JREs will be effected by this operation.

  If you have Java applications	(that include a	JRE) or	JNI programs, you may
  need to run this script again	to mark	those Java libraries. The script can
  be invoked by	providing a directory name to exempt Java libraries that are
  found	under that directory tree.  If an application that depends on Java
  begins to fail after installing the security patch, this script is a con-
  venient method for setting the appropriate Java libraries exempt in that
  directory tree.






FILES

  /usr/sbin/javaexecutedata
      Specifies	the command path.


SEE ALSO

  Commands: chatr(1)