aaron sloman

I previously reported a mysterious problem with saved images on fedora
core 4 (and some of the more recent FC 3 kernels with SWSUSP available
here (which are very useful):

http://mhensler.de/swsusp/download_en.php

The problem was that running saved images did not work: e.g. the pop11
command, which is equivalent to

basepop11 +startup

worked only randomly.

Later when I tried a machine running FC4, I thought the problem had been
solved, but when a colleague installed FC4 he reported the same problem
with saved images, though he could run basepop11 and compile the code
for the saved images, losing a little time whenever he started. Chris
Dollin also reported the problem.

Today I finally tried using the information there, but was not
able to fix the problem until I made a lucky guess that worked.
That file states:


However when I tried that I got

kernel.exec-shield-randomize' is an unknown key

After searching for other things, I had the idea of reading the
man file for sysctl, where I found that '-a' shows the available
values. So I did

sysctl -a | grep rand

and got this as one of the outputs:

kernel.randomize_va_space = 1

So I tried (nervously)

sysctl -w kernel.randomize_va_space=0

and after that the saved images started every time!

So I have inserted the following in /etc/sysctl.conf

# Prevent problems starting saved images
kernel.randomize_va_space=0

I also later found this online discussion of the issue:

http://www.ussg.iu.edu/hypermail/linux/kernel/0504.3/1451.html

which is part of quite a long inconclusive thread about how to do
this on a per program basis instead of globally.

It seems that the randomize_va_space mechanism is designed to thwart
some viruses. My understanding is that other linux distributions do not
use it. It does not seem to be a good security mechanism for a general
linux installation if it can break random programs and there is no
easy way to turn it off for programs known to be 'safe'. (People
reported trying to use 'setarch' without success.)

Anyhow, this information should help users of FC4 or Redhat systems who
wish to use poplog and are willing to turn off a security measure that
is not included in other linux distributions.

I still have not found time to make the changes required to allow poplog
to be rebuilt or relinked in systems using gcc 4, but pre-built systems
seem to work. I am considering solving the problem temporarily by adding
three versions of basepop11 to the tar file, one linked without X,
one linked with X+motif and one linked with X but not motif.

But I don't know when I'll have time.

Aaron