IBM Support

IC71703: DB2UPDV97 RUN AGAINST A FP2 DATABASE WILL GRANT EXECUTE PRIVILEGE TO PUBLIC FOR ROUTINES ON RESTRICTIVE DATABASES

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • db2updv97 is an optional tool executed after applying a new fix
    pack.  When moving from v9.7 Fix Pack 2 to v9.7 Fix Pack 3,
    db2updv97 will create two new routines and grant EXECUTE
    privilege to PUBLIC.  On restrictive databases, PUBLIC is not
    supposed to be granted EXECUTE privilege on these routines,
    however, it is currently being granted by default.
    
    The two functions that are granted EXECUTE privilege to PUBLIC
    on restrictive databases are :
    - SYSPROC.MON_GET_APPLICATION_HANDLE
    - SYSPROC.MON_GET_APPLICATION_ID
    

Local fix

  • If you have applied v9.7 Fix Pack 3 and already run db2updv97,
    then issue two revoke execute from public statements against the
    two mentioned routines.  If you have not yet run db2updv97, then
    run it with the -a option like this:
    
    db2updv97 -d <dbname> -a
    
    which will ensure to assign the appropriate privileges for
    restrictive and non-restrictive databases alike.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * DB2 Version 9.7 Fix Pack 3 servers on Linux, Unix and        *
    * Windows platforms, running db2updv97 on a Fix Pack 2         *
    * database that was created to be restrictive.                 *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Execute privilege is granted to two newly created routines   *
    * by db2updv97.                                                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply DB2 Version 9.7 Fix Pack 3a to run db2updv97, or run   *
    * db2updv97 with the -a option.  If you have already run       *
    * db2updv97 on DB2 Version 9.7 Fix Pack 3, then manually       *
    * revoke execute privilege from PUBLIC for these two routines. *
    ****************************************************************
    

Problem conclusion

  • Problem is first fixed in DB2 Version 9.7 Fix Pack 3a and all
    subsequent Fix Packs.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC71703

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    970

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-10-05

  • Closed date

    2010-10-28

  • Last modified date

    2010-10-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • R970 PSN

       UP



Document information

More support for: DB2 for Linux, UNIX and Windows

Software version: 9.7

Reference #: IC71703

Modified date: 28 October 2010