javaexecutedata(8)javaexecutedata(8)NAMEjavaexecutedata - Mark JAVA libraries exempt for Buffer Overflow Pro‐
tection security feature
SYNOPSIS
/usr/sbin/javaexecutedata [-f] dirname
OPTIONS
force a file to be marked exempt even if it is in use. The file is
copied, marked, and then moved back to the original file name. use the
directory specified as the starting directory. The default is /usr/opt.
DESCRIPTION
This script is intended to be run immediately following the installa‐
tion of the UNIX patch kit that contains the Buffer Overflow Protection
security feature.
Java libraries throughout the system need to be marked in order for
Java applications, that run with privilege, to continue to run prop‐
erly. In most cases, this will apply only to applications run as root.
The recommended level of security for the patch kit is such that it
only effects applications run as root or suid root. Customers can set
the protection such that all processes would be effected but this is
unnecessary and undesirable, especially for Java applications.
The tunable only effects applications run as root or suid root. This
script is intended to be run initially without specifying a directory
name so that it will search in standard locations throughout the system
for Java libraries, setting them exempt using the chatr utility. Each
time a file is chatr'ed, the output from the chatr tool will appear on
the screen. All installed Java development kits, Java Runtime Environ‐
ment kits, and operating system tools that include JREs will be
effected by this operation.
If you have Java applications (that include a JRE) or JNI programs, you
may need to run this script again to mark those Java libraries. The
script can be invoked by providing a directory name to exempt Java
libraries that are found under that directory tree. If an application
that depends on Java begins to fail after installing the security
patch, this script is a convenient method for setting the appropriate
Java libraries exempt in that directory tree.
FILES
Specifies the command path.
SEE ALSO
Commands: chatr(1)javaexecutedata(8)