PQ61661: DURING SMP/E INSTALL, OB390.PAX FILEGENERATES DIRECTORIES WITH 777 PERMISSION BITS - SECURITY PROBLEM.

APAR status
Closed as fixed if next.

Error description
During SMP/E install, the ob390.pax file is used to create the
following directories under /usr/lpp/Websphere:
.
_ Dir    777  05/03/2001 15:36  BPXOINIT         8192  dtd
_ Dir    777  05/03/2001 15:37  BPXOINIT         8192  macros
_ Dir    777  05/03/2001 15:31  BPXOINIT         8192  obframe
_ Dir    777  05/03/2001 15:33  BPXOINIT         8192  obprim
_ Dir    777  05/03/2001 15:33  BPXOINIT         8192  rose
_ Dir    777  05/03/2001 15:38  BPXOINIT        20480  template
_ Dir    777  05/03/2001 15:21  BPXOINIT         8192  util
_ Dir    777  05/03/2001 15:21  BPXOINIT         8192  xsl
.
The script file used to issue the pax command to un-pax the file
obunpax.ch, issues the command that doesn't preserve the
permission bits for the directories.  The umask is used to set
those permission bits, so if user is using umask=0000, the
permission bits for the directories would be 777.
Local fix
Issue chmod command to change the permission bits on the
directories to 750.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: During SMP/E install, the OB390.PAX     *
*                      file generates directories with 777     *
*                      permission bits instead of 750          *
*                      permissions bits.                       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
During SMP/E install, the ob390.pax file is used to create the
following directories under /usr/lpp/Websphere:
.
_ Dir    777  05/03/2001 15:36  BPXOINIT         8192  dtd
_ Dir    777  05/03/2001 15:37  BPXOINIT         8192  macros
_ Dir    777  05/03/2001 15:31  BPXOINIT         8192  obframe
_ Dir    777  05/03/2001 15:33  BPXOINIT         8192  obprim
_ Dir    777  05/03/2001 15:33  BPXOINIT         8192  rose
_ Dir    777  05/03/2001 15:38  BPXOINIT        20480  template
_ Dir    777  05/03/2001 15:21  BPXOINIT         8192  util
_ Dir    777  05/03/2001 15:21  BPXOINIT         8192  xsl

The script file used to issue the pax command to un-pax the
file, obunpax.ch, issues the command that doesn't preserve the
permission bits for the directories:

pax -rf bin/ob390.pax

The umask is used to set those permission bits, so if user is
using umask=0000, the permission bits for the directories would
be 777.

The correct command to be used is:

pax -r -pp -f bin/ob390.pax
Problem conclusion Temporary fix Comments
This APAR is being closed FIN with concurrence from the
submitting customer. A solution to this problem will be
delivered in a WebSphere Application Server for z/OS
and OS/390 release within the next 18 months.
APAR information
APAR number PQ61661
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED FIN
PE NoPE
HIPER NoHIPER
Submitted date 2002-05-28
Closed date 2002-07-02
Last modified date 2002-10-16

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Applicable component levels
R401 PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ61661
IBM Group: Software Group
Modified date: Oct 16, 2002