IBM Spectrum LSF Data Manager 10.1 Fix (564671) Readme File
Abstract
P103958. This fix is a security enhancement for LSF Data Manager. It prevents the user from using LSF as arbitrary users by replacing the eauth key in the data packet that is used for the authentication mechanism.
Description
Readme documentation for IBM Spectrum LSF Data Manager 10.1 (564671) including installation-related instructions, prerequisites and co-requisites, and list of fixes.
By default LSF uses eauth for its authentication mechanism, which uses a hardcoded key. This key is generated from an external authentication framework named eauth to secure user credentials for the data stream between LSF clients and servers. However, users can use the eauth in the Community Edition to generate the auth key for any specified user name. Since LSF uses exactly the same key that is available for download in the Community Edition of LSF, anyone can obtain this key and use it to send requests as arbitrary users in an LSF installation.
This fix adds a checksum for each authorization request. Any data packet that is sent to LSF can be identified if it has been modified. This fix can prevent users from changing either the user credential or the content of LSF requests.
Readme file for: IBM® Spectrum LSF Data Manager Product/Component Release: 10.1 Update Name: Fix 564671 Fix ID: lsf-dm-10.1-build564671 Publication date: 17 Dec 2020 Last modified date: 17 Dec 2020 Contents: 1. List of fixes 2. Download location 3. Products or components affected 4. System requirements 5. Installation and configuration 6. List of files 7. Product notifications 8. Copyright and trademark information 1. List of fixes P103958 2. Download Location Download Fix 564671 from the following location: http://www.ibm.com/eserver/support/fixes/ 3. Products or components affected Affected product or components include: Data Manager/bdata 4. System requirements linux2.6-glibc2.3-x86_64 5. Installation and configuration 5.1 Before installation LSF_TOP=Full path to the top-level installation directory of LSF. 1) Before you install this patch, you must install LSF PSIRT patch (Fix ID: lsf-10.1-build564668) appropriately. 2) Log on to the LSF master host as root 3) Set your environment: - For csh or tcsh: % source LSF_TOP/conf/cshrc.lsf - For sh, ksh, or bash: $ . LSF_TOP/conf/profile.lsf 5.2 Installation steps 1) Go to the patch install directory: cd $LSF_ENVDIR/../10.1/install/ 2) Copy the patch file to the install directory $LSF_ENVDIR/../10.1/install/ 3) Run patchinstall: ./patchinstall <patch> 5.3 After installation 1) Log on to the LSF master host as the LSF cluster primary administrator and set the LSF cluster environment 2) Setting LSF_STRICT_CHECKING=ENHANCED in lsf.conf 3) Run 5.4 Uninstallation To roll back a patch: 1) Log on to the LSF master host as root 2) Set your environment: - For csh or tcsh: % source LSF_TOP/conf/cshrc.lsf - For sh, ksh, or bash: $ . LSF_TOP/conf/profile.lsf 3) Run ./patchinstall -r <patch> 3) Log on to the LSF master host as the LSF cluster primary administrator and set the LSF cluster environment 4) Run 6. List of files in package
bdata bstage dmd dm_stagein_helper.sh dm_stagein_transfer.sh dm_stageout_transfer.sh 7. Product notifications
To receive information about product solution and patch updates automatically, subscribe to product notifications on the My notifications page (www.ibm.com/support/mynotifications) on the IBM Support website (support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.
8. Copyright and trademark information © Copyright IBM Corporation 2020 U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Data Manager/bstage
Data Manager/dmd
Data Manager/dm_stagein_helper.sh
Data Manager/dm_stagein_transfer.sh
Data Manager/dm_stageout_transfer.sh
linux3.10-glibc2.17-ppc64le
lnx310-lib217-x86_64
bdata admin reconfig
bdata admin reconfig