Package: libc6 Version: 2.3.2.ds1-12 Severity: important Tags: sid On Linux 2.6.5 with the PaX patch applied: http://pax.grsecurity.net/pax-linux-2.6.5-200404181525.patch and the CONFIG_PAX_NOVSYSCALL flag enabled, the system dies during startup with a series of PaX errors: PAX: execution attempt in: <anonymous mapping>, 5a9b9000-5a9bc000 ffffe000 PAX: terminating task: /sbin/init(init):1, uid/euid: 0/0, PC: 5a9bb6d4, SP: 5a9bb404 PAX: bytes at PC: 58 b8 77 00 00 00 cd 80 00 00 00 00 20 b7 9b 5a 05 00 00 00 PAX: bytes at SP: 00000011 00000033 00000000 0000007b 0000007b 5a9bb718 00000000 5a9bb718 5a9bb6e0 0000000b 00000000 5a9bb720 fffffffc 00000000 00000000 24a99398 00000073 00000246 5a9bb6e0 0000007b Kernel panic: Attempted to kill init! The PaX maintainer diagnoses this as a glibc problem, saying: [20:19:32] <pipacs> flamingcow,that's the sigreturn trampoline [20:19:56] <pipacs> wihch glibc should provide and use itself but instead it entirely relies on the kernel's vsyscall page [20:20:16] <flamingcow> can i quote you on that? [20:20:18] <pipacs> or when that's not available, it falls back on whatever the kernel used to provide [20:20:28] <pipacs> which happens to be on the (non-exec) stack [20:20:33] <pipacs> the rest you can see yourself ;P [20:20:43] <pipacs> sure, just quote it entirely [20:20:48] <pipacs> so that they know what to fix [20:21:10] <pipacs> basically, they should fall back onto glibc's own sigreturn code and not that of the kernel's when vsyscall is not enabled On the same kernel, simply disabling NOVSYSCALL causes the system to work properly. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.5 Locale: LANG=C, LC_CTYPE=C Versions of packages libc6 depends on: ii libdb1-compat 2.1.3-7 The Berkeley database routines [gl -- no debconf information
Attachment:
signature.asc
Description: Digital signature
Attachment:
binfFk1awilfJ.bin
Description: application/postage-hashcash