
About "kernel.exec-shield" and "because they will bring security issue" for linux ASE

Former Member
0 Kudos

In the "ASE Quick Installation Guide for Linux", "kernel.exec-shield=0" and "kernel.randomize_va_space=0" should be set.

But SuSE engineers say that "kernel.exec-shield=0" and "kernel.randomize_va_space=0" will bring an OS security issue.

The customer wants to know why ASE needs the above parameters.

Does anybody have an idea about the customer's question?

Accepted Solutions (0)

Answers (1)


former_member188958
Active Contributor
0 Kudos

If the parameters are not set as documented, attempts to start additional engines beyond the first one will fail, generating stack traces.

ASE acts in many ways like its own operating system, scheduling individual user connections (spids) to actively run (note that ASE was developed well before native threading was commonly available). Each spid has its own stack information that gets swapped in when it is set to "running" state on the engine and swapped out when it yields the engine. The mechanics of this are not that different from the buffer overrun exploits described in the Red Hat document linked to by the install guide, http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf, and the exec-shield mechanics definitely interfere with ASE's operations when ASE is using multiple dataserver processes (engines) that swap spids around.

-bret
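
For administrators who need to know which hosts carry the settings discussed in this thread, here is an added example (not from the original posts or from the ASE documentation) that reads sysctl.conf-style text and reports whether `kernel.exec-shield` or `kernel.randomize_va_space` ends up set to 0. The function name `audit_sysctl` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysctl-style settings for the two parameters in this thread.
# Reads "key = value" lines on stdin (sysctl.conf syntax), prints the effective
# value of each key, and returns 1 if either protection is set to 0, else 0.
audit_sysctl() {
    awk '
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next               # not an assignment
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            gsub(/\//, ".", key)            # sysctl accepts a/b as well as a.b
            if (key == "kernel.exec-shield" || key == "kernel.randomize_va_space")
                seen[key] = val             # a later line overrides an earlier one
        }
        END {
            rc = 0
            n = split("kernel.exec-shield kernel.randomize_va_space", keys, " ")
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in seen)) continue  # key not configured in this input
                state = "enabled"
                if (seen[k] == "0") { state = "DISABLED"; rc = 1 }
                printf "%s=%s %s\n", k, seen[k], state
            }
            exit rc
        }
    '
}

# Constructed sample input (not taken from a real host).
audit_sysctl <<'EOF' || echo "at least one protection is disabled"
# fragment in /etc/sysctl.conf format
kernel.exec-shield = 0
kernel.randomize_va_space=0
EOF
```

On a live system the same function can be fed the configuration file, for example `audit_sysctl < /etc/sysctl.conf`; the running values are in `/proc/sys/kernel/`.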

Former Member
0 Kudos

Hi, Bret Halford

Thank you.