If you are going to be using ASE 12.5 or ASE 15 with the upcoming Red Hat Enterprise Linux 5.0, there are two CRs that you need to know about:
- CR 450004 – XP Server and Backupserver (64bit)
- CR 432482 – ASE 15
The problem is the result of using the setjmp() and longjmp() functions in the GNU C Library version 2.4 (glibc 2.4).
setjmp() and longjmp() are useful for dealing with errors and interrupts encountered in a low-level subroutine of a program. setjmp() saves the stack context/environment in env for later use by longjmp(). The stack context will be invalidated if the function which called setjmp() returns.
Starting in glibc 2.4, the jmpbuf is unavailable due to a security exploit that has been known for several years. Restricting access to the jmpbuf was an effort by the glibc maintainers to ‘close this hole’ by forcing application writers to use sigsetjmp() and siglongjmp() instead.
The problem with using sigsetjmp() and siglongjmp() is that they aren’t thread safe. According to a contact at Sybase, this is supposed to be fixed in glibc 2.6, but Sybase *does* have a workaround for this issue and will be putting it into the ASE v15 codeline when they perform the RHEL 5 certification sometime next year.
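As an added illustration (not Sybase or glibc code), the following single-threaded C program recovers from an error in a low-level routine using only sigsetjmp() and siglongjmp(), treating the jump buffer as opaque. The names run_guarded, low_level and last_error are hypothetical; the savemask argument controls whether the signal mask is restored on the jump.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* sigsetjmp, sigprocmask */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

/* Treated as opaque: the code never reads or writes its members. */
static sigjmp_buf recover_point;
static volatile int last_error;

/* Hypothetical low-level routine that fails at depth fail_at. */
static void low_level(int depth, int fail_at)
{
    if (depth == fail_at) {
        last_error = 100 + depth;
        siglongjmp(recover_point, 1);   /* unwind to sigsetjmp() */
    }
    if (depth < 8)
        low_level(depth + 1, fail_at);
}

/* Returns 0 or the error code; *blocked_after = SIGUSR1 still blocked? */
int run_guarded(int fail_at, int savemask, int *blocked_after)
{
    sigset_t usr1, cur;
    int code = 0;
    sigemptyset(&usr1);
    sigaddset(&usr1, SIGUSR1);
    sigprocmask(SIG_UNBLOCK, &usr1, NULL);      /* known starting mask */
    if (sigsetjmp(recover_point, savemask) == 0) {
        sigprocmask(SIG_BLOCK, &usr1, NULL);    /* critical section */
        low_level(0, fail_at);
        sigprocmask(SIG_UNBLOCK, &usr1, NULL);  /* normal exit path */
    } else {
        code = last_error;                      /* arrived via siglongjmp() */
    }
    sigprocmask(SIG_BLOCK, NULL, &cur);         /* query the current mask */
    *blocked_after = sigismember(&cur, SIGUSR1);
    sigprocmask(SIG_UNBLOCK, &usr1, NULL);      /* leave the mask as found */
    return code;
}

int main(void)
{
    int blocked, code = run_guarded(3, 1, &blocked);
    printf("error %d, SIGUSR1 still blocked: %d\n", code, blocked);
    return 0;
}
```

With savemask set to 0 the jump still lands, but the mask changed inside the guarded region is left in place, so the caller has to restore it.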
I wasn’t able to find much information on the supposed exploit. I only found a few newsgroup posts that didn’t provide any details.