nv-l
[Top] [All Lists]

Re: [nv-l] After 6.03 patch install

To: nv-l@lists.tivoli.com
Subject: Re: [nv-l] After 6.03 patch install
From: "James Shanks" <jshanks@us.ibm.com>
Date: Mon, 4 Mar 2002 13:30:39 -0500
What you are seeing is now entirely normal and is a result of changes that 
were made for the security APAR IY21527.

The platform AIX or Solaris (or Digital or NT) makes no difference.
As soon as you apply this APAR e-fix, or NetView 6.0.3,  or  NetView 
Version 7.1, you will see that all characters which might have special 
meaning to a shell in UNIX are now preceded by an escape  when used in 
command by ovactiond, nvcorrd, actionsvr, or trapd.

Because it is possible for someone to imbed a command inside a varbind, 
and thus cause a command to be issued (with root authority) when you echo 
that varbind to a file, some characters are now considered illegal and are 
escaped (that is, preceded by an escape character) when they appear in a 
varbind.
You can either adjust your script accordingly to deal with them or you can 
make everything operate as it did before (and leave open the possible 
security hole) by setting an environment variable to disable the security 
checking.  I would advise adjusting the script.  For example, wherever you 
have $NVATTR_2 , you can replace it with 
`echo $NVATTR_2  |  sed  "s:\\\\\\::g"`
and the sed will remove the escape characters.

The recommended method to disable it all is to create a file called 
/usr/OV/bin/netnmrc.pre  and in it put the line:
        export AdditionalLegalTrapCharacters=disable
 Then either reboot or ovstop all the daemons (ovstop nvsecd) and restart 
them using /etc/netnmrc (AIX) or /etc/init.d/netnmrc (Solaris).
This is all documented in the e-fix for the APAR.  and was carries over 
into the  7.1 Release Notes, but was left off of the 6.0.3 Release Notes. 


James Shanks
Level 3 Support  for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group
 





reamd@Nationwide.com
03/04/2002 12:45 PM

 
        To:     nv-l@lists.tivoli.com
        cc: 
        Subject:        [nv-l] After 6.03 patch install

 

Hi All,
          I recently in stalled the 6.03 patch and have came across a
problem since the install.We currently have scripts defined to execute 
when
certain traps are received such as interface up.down traps, and SNMP
Collection threshold traps.  Netview is configured to pass paramenters to
these scripts such as
/usr/local/nwi/scripts/ifthresh $1 $2 "$3" $4 $5.  Prior to the patch, all
parameters passed through in clear text, included non alpha-numeric
characters.  After the 6.0.3 upgrade patch was applied, all non
alpha-numeric characters are being preceded by a "\" character.  For
example, if $1 is the resource name and it = "a-n-aa-drt01", then the
paramneter getting passed to the script is "a\-n\-aa\-drt01".  This is
casuing problems in the scripts. Any Idea's?

AIX 4.3.3
Netview 6.03

Thanks, Dave


---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com

*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)





<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web