HP-UX 11i Java™ JDK/JRE Version 7.0.09 Release Notes

Now it is allowed, but patches must be installed, the SHLIB_PATH and
LD_LIBRARY_PATH environment variables must be set, and a configuration file must
be set up.
The HP-UX 11i September 2005 Quality Pack patch bundle provided support for
/etc/dld.sl.conf, which allows system administrators to specify a list of trusted paths on
the system. When executing within a setuid environment, the dynamic loader will
compare the paths in SHLIB_PATH/LD_LIBRARY_PATH against the list of trusted paths
found in /etc/dld.sl.conf. If the path is a trusted path, then it will be used for library
lookup.
Users can run Java from a setuid environment if the jre and jli paths are added to
the /etc/dld.sl.conf file as shown below and the
SHLIB_PATH/LD_LIBRARY_PATH is set:
cat /etc/dld.sl.conf:
<java7>/jre/lib/IA64N
<java7>/jre/lib/IA64N/server
<java7>/jre/lib/IA64N/jli
<java7>/jre/lib/IA64W
<java7>/jre/lib/IA64W/server
<java7>/jre/lib/IA64W/jli
echo
<java7>/jre/lib/IA64N:<java7>/jre/lib/IA64N/server:<java7>/jre/lib/IA64N/jli:
<java7>/jre/lib/IA64W:<java7>/jre/lib/IA64W/server:<java7>/jre/lib/IA64W/jli
The conf file should be writable only by root. Otherwise, the loader does not use its
contents. If /etc/dld.sl.conf does not exist or has the wrong permissions, all dynamic
path lookup is disabled. Any relative paths (paths not starting with a slash (/)) in the
path list are ignored by the loader.
For more information on the /etc/dld.sl.conf file, check the manpage entry for
dld.sl. This file is only referenced when the application is executing within a setuid
environment.
On Integrity HP-UX 11.23 and 11.31 systems, users can launch Java from a setuid
application if they install linker patch PHSS_37201 (11.23), PHSS_37202 (11.31) or
their superseding patches, set SHLIB_PATH and LD_LIBRARY_PATH, and set up
/etc/dld.sl.conf as described above.
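
The checks described above (conf file ownership and permissions, absolute trusted paths, comparison with SHLIB_PATH/LD_LIBRARY_PATH) can be rehearsed before a setuid launcher is deployed. The script below is an added example, not HP's code and not the loader's actual algorithm; the function names are hypothetical.
It assumes one directory per line in the conf file, exact string matching, and that "writable only by root" means owner uid 0 with no group or other write bit.

```sh
#!/bin/sh
# Added example: model the setuid-time checks on a dld.sl.conf-style file.
# Assumptions: one trusted directory per line, exact string match, and
# "writable only by root" = owner uid 0 with no group/other write bit.

# conf_is_safe FILE [UID]: true if FILE is a regular file owned by UID
# (default 0) and neither group- nor world-writable.
conf_is_safe() {
    [ -f "$1" ] || return 1
    ls -ln "$1" | awk -v uid="${2:-0}" '
        NR == 1 { ok = ($3 == uid && substr($1, 6, 1) != "w" &&
                        substr($1, 9, 1) != "w") }
        END     { exit !ok }'   # no ls output at all also counts as unsafe
}

# audit_search_path CONF SEARCH_PATH [UID]: print one verdict per entry of a
# colon-separated SHLIB_PATH/LD_LIBRARY_PATH value.
# Returns 0 if every entry is trusted, 1 if the conf file is unusable
# (all dynamic path lookup disabled), 2 if any entry would not be used.
audit_search_path() {
    conf_is_safe "$1" "${3:-0}" || {
        echo "lookup-disabled $1"
        return 1
    }
    audit_conf=$1 audit_rc=0 audit_ifs=$IFS
    set -f; IFS=:                 # split on ':' only, no globbing
    for audit_dir in $2; do
        case $audit_dir in
            /*) if grep -Fqx "$audit_dir" "$audit_conf"; then
                    echo "trusted $audit_dir"
                else
                    echo "untrusted $audit_dir"; audit_rc=2
                fi ;;
            *)  # relative (or empty) entries can never match a trusted path
                echo "relative $audit_dir"; audit_rc=2 ;;
        esac
    done
    IFS=$audit_ifs; set +f
    return $audit_rc
}
```

On the target host, source the script and run audit_search_path /etc/dld.sl.conf "$SHLIB_PATH"; any line not marked "trusted" names a directory this model says would not be used for library lookup.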
X/Open Socket Support
Releases prior to JDK 7.0.05 support HP-UX BSD sockets only. Support for X/Open
Sockets has been added in JDK 7.0.05. See Usage Documentation.
Java API Documentation Updater Tool
To address CVE-2013-1571, users hosting publicly facing Java API Documentation
generated with javadoc 7.0.06 or earlier are strongly encouraged to re-create the Java
API documentation using javadoc from 7.0.09 or above.