IBM Support

JR43031: EXECUTE COMMAND FAILS DUE TO SECURITY ENHANCEMENT CHANGES

A fix is available

IBM InfoSphere Information Server, Version 8.5 Fix Pack 3

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The obfuscation of command output from DSExecute causes the
result to be unusable later in a job flow

Local fix

  • Add the environment variable DS_EXECUTE_NO_MASKING=1

Problem summary

  • ****************************************************************
USERS AFFECTED:
Problem affects users of the Command Activity stage on the
job sequencer canvas.
****************************************************************
PROBLEM DESCRIPTION:
The problem is that code to obfuscate encrypted parameters
in the DSExecute routine modified the routines arguments such
that the command being executed was modified and the result
of running the command was also modified. The obfuscation was
intended to only apply to the logged information.
****************************************************************
RECOMMENDATION:
If the obfuscation of encrypted entries within the log is
required then the fix for this problem will need to be applied.
If the original behavior is acceptable then an environment
can be set (see temporary fix).

The fix comprises both server and client changes. With only
the server fix applied jobs will revert to the functionality
prior to the introduction of the obfuscation code. That is
the encrypted strings will appear as is in the job log. If
only the client fix is applied sequences with Command Activity
stages will no longer run after compilation as they will
call a non-existent routine on the server.
****************************************************************

Problem conclusion

  • Resolution of this problem required splitting the obfuscation
code out into a separate routine which is called from the
compiled job sequence after the Command is executed but before
the results are logged.

Temporary fix

  • A temporary fix is possible by reverting the code to its
behavior before the obfuscation step was added. This can be
achieved by adding the environment variable
DS_EXECUTE_NO_MASKING.

Comments

  • 



APAR Information




    

  • APAR number
    JR43031
    • 

  • Reported component name
    WIS DATASTAGE
    • 

  • Reported component ID
    5724Q36DS
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-06-06
    • 

  • Closed date
    2012-07-19
    • 

  • Last modified date
    2012-07-19
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WIS DATASTAGE
    • 

  • Fixed component ID
    5724Q36DS
    • 



Applicable component levels


    

  • R850  PSN
       UP
    • 

  • R870  PSN
       UP
    • 








      
              
                            

              

              [{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVSEF","label":"InfoSphere DataStage"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback