What you are seeing is now entirely normal and is a result of changes that
were made for the security APAR IY21527.
The platform AIX or Solaris (or Digital or NT) makes no difference.
As soon as you apply this APAR e-fix, or NetView 6.0.3, or NetView
Version 7.1, you will see that all characters which might have special
meaning to a shell in UNIX are now preceded by an escape when used in
command by ovactiond, nvcorrd, actionsvr, or trapd.
Because it is possible for someone to imbed a command inside a varbind,
and thus cause a command to be issued (with root authority) when you echo
that varbind to a file, some characters are now considered illegal and are
escaped (that is, preceded by an escape character) when they appear in a
varbind.
You can either adjust your script accordingly to deal with them or you can
make everything operate as it did before (and leave open the possible
security hole) by setting an environment variable to disable the security
checking. I would advise adjusting the script. For example, wherever you
have $NVATTR_2 , you can replace it with
`echo $NVATTR_2 | sed "s:\\\\\\::g"`
and the sed will remove the escape characters.
The recommended method to disable it all is to create a file called
/usr/OV/bin/netnmrc.pre and in it put the line:
export AdditionalLegalTrapCharacters=disable
Then either reboot or ovstop all the daemons (ovstop nvsecd) and restart
them using /etc/netnmrc (AIX) or /etc/init.d/netnmrc (Solaris).
This is all documented in the e-fix for the APAR. and was carries over
into the 7.1 Release Notes, but was left off of the 6.0.3 Release Notes.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group
reamd@Nationwide.com
03/04/2002 12:45 PM
To: nv-l@lists.tivoli.com
cc:
Subject: [nv-l] After 6.03 patch install
Hi All,
I recently in stalled the 6.03 patch and have came across a
problem since the install.We currently have scripts defined to execute
when
certain traps are received such as interface up.down traps, and SNMP
Collection threshold traps. Netview is configured to pass paramenters to
these scripts such as
/usr/local/nwi/scripts/ifthresh $1 $2 "$3" $4 $5. Prior to the patch, all
parameters passed through in clear text, included non alpha-numeric
characters. After the 6.0.3 upgrade patch was applied, all non
alpha-numeric characters are being preceded by a "\" character. For
example, if $1 is the resource name and it = "a-n-aa-drt01", then the
paramneter getting passed to the script is "a\-n\-aa\-drt01". This is
casuing problems in the scripts. Any Idea's?
AIX 4.3.3
Netview 6.03
Thanks, Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com
*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)
|