[potential solutions skipped] for the record, i emailed [EMAIL PROTECTED] (the original reporter) last friday about the same, maybe he didn't receive it?
> In any case, I have CC'd the PAX team to get their opinion. PAX > guys, you can view the bug report at http://bugs.debian.org/188475 > Please let me know what you think. localedef uses the gcc nested function feature. this in turn needs runtime code generation which is in direct conflict with the goals of PaX (because one of the possible bug exploit methods does the same). the quick solutions were already listed (chpax, grsec ACLs), i'd also add rewriting the code to not use nested functions (if memory serves me right, in this case it's only one instance and can be safely turned into a normal function call). resolving the fundamental conflict however is not trivial, and would require cooperation from different sides. if there's interest in it, let me know.
