Bhaskar, We now have a gtm50 distribution running on centos 3.5. It wouldn't have happened without you!! The execstack -s commands didn't have the effect I'd hoped. Once setting the exec-shield* files back to an on status the mumps -direct process was again immediately killed. I haven't tried a reboot. Once we do I'll let you know if the 'execstack -s *' produced the results we want. Thank you for the insight into the compiler and for the security workarounds. Always a pleasure working with you, greg _____________________ Date: Tue, 14 Jun 2005 16:28:24 -0400 From: "K.S. Bhaskar" <[EMAIL PROTECTED]> Organization: Fidelity Information Services, Inc. To: [email protected] Subject: [Hardhats-members] Re: gtm50 configure err-msgs %GTM-F-KILLBYSIGSINFO1 Reply-To: [email protected]
Greg -- First, some background: since GT.M is a compiler, and since M requires code to be dynamically compiled and executed, GT.M needs to be able to execute code in a process' heap/stack space. Since this is not a requirement of normal C/C++ programs, and since one of the precepts of good security is to grant no privileges save those that are required, it is increasingly common to disable the ability of a process to execute code from heap/stack space. The signature of the problem looks like this security configuration setting on your system may be preventing GT.M from running properly. If you are not running SELinux, then it is possible that an exec-shield setting is tripping GT.M up (exec-shield is a Linux security feature in Red Hat / Fedora kernels). The following needs to be performed as root. 1. Determine whether exec-shield is operating. Examine the files /proc/sys/kernel/exec-shield and /proc/sys/kernel/exec-shield-randomize: cat /proc/sys/kernel/exec-shield cat /proc/sys/kernel/exec-shield-randomize. 2. If either value is non-zero, you may need to set it to 0: echo 0 >/proc/sys/kernel/exec-shield echo 0 >/proc/sys/kernel/exec-shield-randomize 3. Try installing GT.M now, and if it fails try rebooting the PC, check the values and try again. Please let me know the result of the above. Thanx muchly. -- Bhaskar P.S. In case you want to re-enable exec-shield system wide after GT.M is installed, you can re-enable it, but you should then disable it for GT.M. To disable it for GT.M once installed, assuming that GT.M is installed in /usr/local/gtm-v5, try: execstack -s /usr/local/gtm-v5/mumps execstack -s /usr/local/gtm-v5/libgtmshr.so Greg Martinson wrote: > > To answer your questions in the previous message: > > Are you running as root? Did you encounter this with GT.M V4.4-004? > Yes, I'm running as root. Don't know about v4.4, this is a new > implementation, i.e. no previous gtm versions existed. > > What distribution are you running? > We're running centos 3.5 [RHEL 3 update 5] > > Do you have Security Enhanced Linux turned on? > No. > > Thank you for your help, > gmartinson
<<winmail.dat>>
