Hi,

At Wed, 16 Apr 2003 01:01:15 +0200,
[EMAIL PROTECTED] wrote:
>
> [potential solutions skipped]
>
> for the record, i emailed [EMAIL PROTECTED] (the original reporter)
> last friday about the same, maybe he didn't receive it?

Maybe. Mailing to [EMAIL PROTECTED] sends to the only package
maintainer - the above To: and Cc: is the complete list.

> > In any case, I have CC'd the PAX team to get their opinion. PAX
> > guys, you can view the bug report at http://bugs.debian.org/188475
> > Please let me know what you think.
>
> localedef uses the gcc nested function feature. this in turn needs
> runtime code generation which is in direct conflict with the goals
> of PaX (because one of the possible bug exploit methods does the
> same).

Thanks for your comments.

> the quick solutions were already listed (chpax, grsec ACLs), i'd
> also add rewriting the code to not use nested functions (if memory
> serves me right, in this case it's only one instance and can be
> safely turned into a normal function call).

Do you think to modify glibc or gcc? The nested function is the
famous compiler extension. If the trampoline technique is the
fundamental problem, I suggest you see the details with "info gcc".
If you can't get the original paper, please tell me.

> resolving the fundamental conflict however is not trivial, and
> would require cooperation from different sides. if there's
> interest in it, let me know.

Well, it seems not easy to fix. Some Java compilers generate their
code in a non-text region for the processor optimization and the match
code circumstance in each occasion; it also conflicts, and it's
difficult to detect its behavior...

Regards,
-- gotom
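
The rewrite suggested in the quoted text, turning a nested function into a normal function call, sketched as an added example (not part of the original message and not localedef code). All names are hypothetical; the state the nested function would capture from its enclosing frame is passed through an explicit context pointer, so no stack trampoline is needed.

```c
#include <stddef.h>

/* Hypothetical names throughout; this is not localedef code. */

/* State the nested function would have captured from its enclosing frame. */
struct count_ctx {
    int threshold;
    size_t hits;
};

/* Callback type with an explicit context pointer instead of an implicit
 * static chain, so nothing has to be generated at run time. */
typedef void (*visit_fn)(int value, void *ctx);

static void for_each(const int *v, size_t n, visit_fn fn, void *ctx)
{
    for (size_t i = 0; i < n; i++)
        fn(v[i], ctx);
}

/* Ordinary file-scope function: its address is a plain pointer into the
 * text segment. */
static void count_above(int value, void *ctx)
{
    struct count_ctx *c = ctx;
    if (value > c->threshold)
        c->hits++;
}

/*
 * GCC nested-function form this replaces (taking the address of visit()
 * makes GCC build a trampoline on the stack):
 *
 *   size_t count_over(const int *v, size_t n, int threshold) {
 *       size_t hits = 0;
 *       void visit(int value) { if (value > threshold) hits++; }
 *       for_each_nested(v, n, visit);
 *       return hits;
 *   }
 */
size_t count_over(const int *v, size_t n, int threshold)
{
    struct count_ctx c = { threshold, 0 };
    for_each(v, n, count_above, &c);
    return c.hits;
}
```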

