PQ61661: DURING SMP/E INSTALL, OB390.PAX FILEGENERATES DIRECTORIES WITH 777 PERMISSION BITS - SECURITY PROBLEM. | |||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||
APAR status Closed as fixed if next. Error description During SMP/E install, the ob390.pax file is used to create the following directories under /usr/lpp/Websphere: . _ Dir 777 05/03/2001 15:36 BPXOINIT 8192 dtd _ Dir 777 05/03/2001 15:37 BPXOINIT 8192 macros _ Dir 777 05/03/2001 15:31 BPXOINIT 8192 obframe _ Dir 777 05/03/2001 15:33 BPXOINIT 8192 obprim _ Dir 777 05/03/2001 15:33 BPXOINIT 8192 rose _ Dir 777 05/03/2001 15:38 BPXOINIT 20480 template _ Dir 777 05/03/2001 15:21 BPXOINIT 8192 util _ Dir 777 05/03/2001 15:21 BPXOINIT 8192 xsl . The script file used to issue the pax command to un-pax the file obunpax.ch, issues the command that doesn't preserve the permission bits for the directories. The umask is used to set those permission bits, so if user is using umask=0000, the permission bits for the directories would be 777.Local fix Issue chmod command to change the permission bits on the directories to 750.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: During SMP/E install, the OB390.PAX * * file generates directories with 777 * * permission bits instead of 750 * * permissions bits. * **************************************************************** * RECOMMENDATION: * **************************************************************** During SMP/E install, the ob390.pax file is used to create the following directories under /usr/lpp/Websphere: . _ Dir 777 05/03/2001 15:36 BPXOINIT 8192 dtd _ Dir 777 05/03/2001 15:37 BPXOINIT 8192 macros _ Dir 777 05/03/2001 15:31 BPXOINIT 8192 obframe _ Dir 777 05/03/2001 15:33 BPXOINIT 8192 obprim _ Dir 777 05/03/2001 15:33 BPXOINIT 8192 rose _ Dir 777 05/03/2001 15:38 BPXOINIT 20480 template _ Dir 777 05/03/2001 15:21 BPXOINIT 8192 util _ Dir 777 05/03/2001 15:21 BPXOINIT 8192 xsl The script file used to issue the pax command to un-pax the file, obunpax.ch, issues the command that doesn't preserve the permission bits for the directories: pax -rf bin/ob390.pax The umask is used to set those permission bits, so if user is using umask=0000, the permission bits for the directories would be 777. The correct command to be used is: pax -r -pp -f bin/ob390.paxProblem conclusion Temporary fix Comments This APAR is being closed FIN with concurrence from the submitting customer. A solution to this problem will be delivered in a WebSphere Application Server for z/OS and OS/390 release within the next 18 months.
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ61661
IBM Group: Software Group
Modified date: Oct 16, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.