Hi!
On Fri, Mar 06, 2009 at 03:25:16PM -0800, Ned Ludd wrote:
> FYI.. PaX Team maintains the PaX kernel and has little control over what
> fixes go into the "next" hardened-sources. Also seems to me a little
> strange that the PaX Team would have to put a work-around in the kernel
> for a bug in glibc.. Seems like glibc should be fixed vs the kernel.
Some changes in hardened-sources trigger this bug (which has existed for years
and doesn't bother anybody) and kill my servers (apache and perl are
critical for normal server operation).
I'm neither a security expert nor a Gentoo developer, so I don't pretend to
decide where/how this bug should be fixed and surely don't recommend
adding any work-around in the kernel (but at a glance that looks like one of
the possible solutions, because previous kernels don't trigger this bug).
The only thing I need to know is how long I have to live with this workaround:
will it be fixed soon, or do I have to prepare to redo these 'execstack -c'
commands in the next years after each math-pari/zend/ioncube upgrade... and be
prepared to see other applications unexpectedly crash (on loading a new
plugin, for example) because of this bug.
If we wait until the "several years old glibc bug" is fixed in glibc,
it will probably take a few more years.
Anyway, thank you all for your work!
And for providing this workaround, of course - it's much better to have one.
--
WBR, Alex.