[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#188475: /usr/bin/localedef confilicts with PAX

>   Please send under LANG=C.  I don't know what "Unicestwiony" means.
sorry for that, here we go: 

mim:~# dpkg-reconfigure locales
Generating locales...
  pl_PL.ISO-8859-2.../usr/sbin/locale-gen: line 24:  9159 Killed                  localedef -i $input -c -f $charset $locale -A /etc/locale.alias
mim:~#

9159 is PID of killed process rather than source code line number :-)

disabling segmentation based PAGE_EXEC (chpax -s /usr/bin/localedef) was enough
but i compiled kernel with:
CONFIG_GRKERNSEC_PAX_NOEXEC=y
# CONFIG_GRKERNSEC_PAX_PAGEEXEC is not set
CONFIG_GRKERNSEC_PAX_SEGMEXEC=y
for performance reasons (according to compile options help)
i'm not sure enable/disable paging based PAGE_EXEC works
(chpax -s /usr/bin/localedef), because kernel was not
compiled with this option...

i have to add that i am no kernel/security expert, i only wanted
to be on safe side after that ptrace bug discovery.
i installed and run debian on vulnerable kernel so i cannot be
100% sure everything is PAX "compatible" - i only know that
after reboot with new "secure" kernel there was no trouble until now...
regards

__________________________
ignore ads below this line

Serwis www.logo.hoga.pl - sciągaj bajery na telefony
Nokia, Siemens, Alcatel, Ericsson, Motorola,Samsung
------------------------------------------------------------
Promocja!!! rabat 40 % na zakup mks_vir 2003 dla klientów Connect , którzy
posiadaja kupony rabatowe.
Reply to: