What's new for IBM i 7.1

Read about new or significantly changed information for the PASE for i topic collection.

The following changes have been made to PASE for i in IBM® i 7.1:

PASE for i is derived from AIX® 6.1, Technology Level 2.
PASE for i now enforces stack execution disable protection.
To improve system security, the behavior for PASE for i programs has changed so that instructions run from memory areas (stack, heap, and shared memory) of a process are blocked. AIX calls this facility stack execution disable (SED) support. Blocking instructions residing in writable memory from running defeats many of the most serious buffer overflow security attacks typically mounted against Internet servers (typically without requiring any server program changes).
PASE for i programs that need to run instructions fetched from memory areas must be marked by setting bits in the header of the main program. A program can be marked to allow instructions from memory areas to be run by using option -brwexec_must when the object file is linked. Existing binaries can be modified using the ldedit utility:
```
ldedit -brwexec_must program_path_name
```
PASE for i in prior releases ignores the bits for SED support. As a result, modified binaries can run without change in those releases.

An attempt to run instructions residing in a memory area in a PASE for i program that is not marked -brwexec_must will generate an MCH6801 exception with reason code 5 in the job log and a SIGILL signal will be raised to the PASE for i program.

One commonly used application that needs to run instructions from memory areas is IBM Technology for Java™. The IBM-supplied Java commands are marked to allow instructions to be run from memory areas. However, applications that use APIs to launch Java in an existing PASE for i enabled process will need to ensure that the main program is suitably marked to allow for instructions to be run from memory areas.
New PASE for i loader based on the AIX 6.1 loader.
The new loader supports 64 KB pagesize on IBM POWER6® or IBM POWER7® processor-based servers, increased 64-bit shared library capacity, increased 32-bit capacity by way of the LDR_CNTRL environment variable NAMEDSHLIB and HUGE_EXEC options and enhanced support for thread-specific storage.
The /dev/urandom character special file can be used as a source of pseudo-random numbers.
The International Components for Unicode (ICU) C library is now provided for use in PASE for i applications
The utilities listed in Table 1 are new:
Table 1. New utilities
ldedit Modify an XCOFF executable file header.

slibclean Remove any currently unused modules in kernel and library memory.

Table 1. New utilities
ldedit	Modify an XCOFF executable file header.
slibclean	Remove any currently unused modules in kernel and library memory.

How to see what's new or changed

To help you see where technical changes have been made, the information center uses:

The image to mark where new or changed information begins.
The image to mark where new or changed information ends.

In PDF files, you might see revision bars (|) in the left margin of new and changed information.

To discover other information about what's new or changed this release, see the Memo to users.