Re: Processed: Re: Bug#188475: /usr/bin/localedef confilicts with PAX

[pageexec@freemail.hu]

[potential solutions skipped]

for the record, i emailed mpokrywka@hoga.pl (the original reporter)
last friday about the same, maybe he didn't receive it?

> In any case, I have CC'd the PAX team to get their opinion. PAX
> guys, you can view the bug report at http://bugs.debian.org/188475
> Please let me know what you think.

localedef uses the gcc nested function feature. this in turn needs
runtime code generation which is in direct conflict with the goals
of PaX (because one of the possible bug exploit methods does the
same).

the quick solutions were already listed (chpax, grsec ACLs), i'd
also add rewriting the code to not use nested functions (if memory
serves me right, in this case it's only one instance and can be
safely turned into a normal function call).

resolving the fundamental conflict however is not trivial, and
would require cooperation from different sides. if there's
interest in it, let me know.