Following the change introduced in v220.127.116.11 of C:D for UNIX (apar IC86881) whereby environment variables are sanitized, IBM should provide a better mechanism for setting environment variables for Run Task and Run Job steps in a secure manner. Although IBM has provided the ndm.env_vars:sanitize=n parameter in initparm.cfg to reinstate the old behaviour, this re-opens the vulnerability which IC86881 was meant to address.
We propose a new initparm item referencing a new initialization file that contains name/value pairs for the desired environment variable settings, for example:
The syntax in the last line is merely an example. There would obviously need to be some special syntax to specify the local user to which the relevant SPOE (proxy) maps. I have used %USER% in this example.