Information
A communication exit library is a dynamically loaded library that vendor applications use to examine communication buffers. The COMM_EXIT_LIST parameter specifies the list of communication buffer exist libraries. The permissions on the libraries should be secured so that users other than the instance owner do not have write privileges.
Rationale:
If a malicious user has write access to a communication exit library, they can overwrite it with their own thereby receiving all of the communication buffers that Db2 receives over the network. Securing the libraries will prevent a loss of confidentiality of data.
Solution
To change permissions of a file on Linux:
chmod 755 <file>
To change permissions of a file on Windows:
Right-click on the file
Choose properties
Select the Security tab
Grant the Full Control authority to all Db2 administrator accounts
Grant only read and execute privileges to all other accounts (revoke any other privileges)