on 09-10-2013 3:41 AM
In " ASE Quick Installation Guide for Linux", "kernel.exec-shield=0" and “kernel.randomaize-va-space=0” should be set.
But SuSE engineers say that “kernel.exec-shield=0”and “kernel.randomaize-va-space=0” will bring the OS security issue.
Customer want to know why ASE need the above parameters ?
Has anybody the idea for customer's question?
If the parameters are not set as documented, attempts to start additional engines beyond the first one will fail, generating stack traces.
ASE acts in many ways like it's own operating system, scheduling individual user connections (spids) to actively run (note that ASE was developed well before native threading was commonly available). Each spid has it's own stack information that gets swapped in when it is set to "running" state on the engine and swapped out when it yields the engine. The mechanics of this is not that different from the buffer overrun exploits described in the Red Hat document linked to by the
install guide, http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
and the exec-shield mechanics definatately interfere ASE's operations when ASE is using multiple dataserver processes (engines) that swap spids around.
-bret
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
25 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.