
Re: Processed: Re: Bug#188475: /usr/bin/localedef conflicts with PAX



Hi,

At Wed, 16 Apr 2003 01:01:15 +0200,
pageexec@freemail.hu wrote:
> 
> [potential solutions skipped]
> 
> for the record, i emailed mpokrywka@hoga.pl (the original reporter)
> last friday about the same, maybe he didn't receive it?

Maybe.  Mailing to xxxxxx@bugs.debian.org sends only to the package
maintainer - the above To: and Cc: is the complete list.

> > In any case, I have CC'd the PAX team to get their opinion. PAX
> > guys, you can view the bug report at http://bugs.debian.org/188475
> > Please let me know what you think.
> 
> localedef uses the gcc nested function feature. this in turn needs
> runtime code generation which is in direct conflict with the goals
> of PaX (because one of the possible bug exploit methods does the
> same).

Thanks for your comments.

> the quick solutions were already listed (chpax, grsec ACLs), i'd
> also add rewriting the code to not use nested functions (if memory
> serves me right, in this case it's only one instance and can be
> safely turned into a normal function call).

Are you thinking of modifying glibc or gcc?

The nested function is a famous compiler extension.  If the
trampoline technique is the fundamental problem, I suggest you see
the details with "info gcc".  If you can't get the original paper,
please tell me.

> resolving the fundamental conflict however is not trivial, and
> would require cooperation from different sides. if there's
> interest in it, let me know.

Well, it seems it is not easy to fix.
Some Java compilers generate their code in a non-text region for
processor optimization and to match the code circumstances on each
occasion; that also conflicts, and it's difficult to detect that
behavior...

Regards,
-- gotom
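
The rewrite suggested in the quoted text, as an added example that is not part of the original message and is not the glibc localedef code: a GCC nested function whose address is taken (which needs a stack trampoline) next to the same logic as an ordinary function with an explicit context pointer. All names (`for_each`, `sum_nested`, `sum_plain`, `WITH_TRAMPOLINE`) are hypothetical.

```c
#include <stddef.h>

#ifdef WITH_TRAMPOLINE   /* opt-in, GCC only: needs an executable stack */
/* Hypothetical iterator whose callback has no context argument, the kind
   of interface that invites a nested-function callback. */
static void for_each(const int *v, size_t n, void (*fn)(int)) {
    for (size_t i = 0; i < n; i++) fn(v[i]);
}

int sum_nested(const int *v, size_t n) {
    int total = 0;
    /* Nested function: reads and writes 'total' in the enclosing frame. */
    void add(int x) { total += x; }
    /* Taking add's address makes GCC build a trampoline on the stack that
       loads the frame pointer and jumps to add; calling it runs code from
       stack memory, which PaX's non-executable pages forbid. */
    for_each(v, n, add);
    return total;
}
#endif

/* Rewrite: the captured variable travels in an explicit context object,
   so the callback is an ordinary function in the text segment. */
struct sum_ctx { int total; };

static void add_cb(int x, void *ctx) {
    ((struct sum_ctx *)ctx)->total += x;
}

static void for_each_ctx(const int *v, size_t n,
                         void (*fn)(int, void *), void *ctx) {
    for (size_t i = 0; i < n; i++) fn(v[i], ctx);
}

int sum_plain(const int *v, size_t n) {
    struct sum_ctx c = { 0 };
    for_each_ctx(v, n, add_cb, &c);   /* no runtime code generation */
    return c.total;
}

int main(void) {
    static const int sample[] = { 1, 2, 3, 4 };   /* constructed input */
    return sum_plain(sample, 4) == 10 ? 0 : 1;
}
```

Building with GCC's `-Wtrampolines` reports each place where a trampoline is generated, which helps locate the call sites that need this kind of rewrite.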


