Re: Processed: Re: Bug#188475: /usr/bin/localedef confilicts with PAX

[pageexec@freemail.hu]

> So how to fix Java or X11 case?  Are there any methods to provide
> chpax.sh in debian?  My opinion is "debian should provide chpax.sh to
> deal with such pax-unaware applications".

the real solution is to make these apps POSIX compliant (which allows
an implementation to not support arbitrary mmap()/mprotect() protection
flag combinations, but these apps blindly expect stuff to work instead
of having failover code, or doing things properly in the first place).

XFree86 itself can be easily fixed: compile a static server (which as
a nice sideeffect has a smaller memory footprint as well). other than
this, there is the Trusted Debian project where all these concerns should
be directed to as they are going to face and solve them as well (we're
actively working together already). XFree86 also has its fair share of
not doing things properly: when it loads relocatable ELF objects (ET_REL
ELF files, such as those put into .a libraries) it uses the malloc()
family to allocate memory which is not executable.

> Glibc package does not have chpax binary, so it's difficult to provide
> such functions.  The appropriate package to provide such feature is
> currently chpax, I think.

glibc doesn't need chpax, it needs to be POSIX compliant (ditto for gcc).
i'll address this in the response to your other mail.