Comment 1 solar (RETIRED) 2005-03-18 16:29:07 UTC

what did dmesg say after it was Killed?

Hi,
Strange thing was that this 'kill'message is in the logs only, really the build process goes on and finishes OK. Maybe it just can't build the locales or zero-size.
Only afterwards when starting/using glibc there are no other locales exept the defaults, otherwise glibc works wonderfully (just missing the locales).
Will recompile glibc-20050125-r1 again as i went back to glibc-20041102, needed it to use BG-locales.
Will report later when re-emerge glibc-10050125-r1. Another tip, a week or more ago (when glibc-10050125 went out) tried it too with same result, no locales, but the binary was only around 10MB, while 20041102 & 20050125-r1 are around 16/15MB.
Now ckecking: have many locale files with <>0 sizes (root:root owned) in /usr/share/i18n/locales dir.
Can't give any more info now.
PS: think of tring to switch off shared-memory protection in grsec (recompile kernel), have many problems (seems so) with it ON, mozilla other apps.
Thanks
Rumen

Same problem here, seems to be hardened related : I have this problem only on my hardened machine :
=================8<=================
Portage 2.0.51.19 (hardened/x86/2.6, gcc-3.4.3, glibc-2.3.4.20050125-r1, 2.6.11-xwing i686)
=================================================================
System uname: 2.6.11-xwing i686 Intel(R) Celeron(R) CPU 2.53GHz
Gentoo Base System version 1.6.10
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, Feb 17 2005, 23:18:59)]
dev-lang/python:     2.3.5
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r6
sys-devel/libtool:   1.5.14
virtual/os-headers:  2.6.8.1-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -O2 -mtune=pentium4 -fomit-frame-pointer -ffast-math -funroll-loops -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -O2 -mtune=pentium4 -fomit-frame-pointer -ffast-math -funroll-loops -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig buildsyspkg candy ccache distlocks sandbox userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/ftp/mirror/gentoo/ http://ftp.gentoo.skynet.be/pub/gentoo/ http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/"
LC_ALL="fr_FR@euro"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://r2d2.v6.xwing.info/gentoo-portage"
USE="X509 acl acpi acpi4linux apache2 bash-completion berkdb clamav crypt curl dba dga distribution dlloader dnd dvd extensions fbcon freetype fs gd gdbm gif gpm hardened hardenedphp idled imagemagick imap imlib2 ipv6 jpeg maildir md5sum mmx mysql ncurses network nls nptl nptlonly nvidia ofx pam perl php pic pie png print python readline rrdtool samba sasl slang spell sqlite sse sse2 ssl tcpd tiff truetype truetype-fonts type1 type1-fonts unicode usb userlocales x86 xml2 zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LDFLAGS
=================8<=================

Found this in my log :

===============8<================
Mar 17 01:09:09 xwing PAX: From 127.0.0.6: execution attempt in: <anonymous mapping>, 59ec6000-59ede000 59ec6000
Mar 17 01:09:09 xwing PAX: terminating task: /var/tmp/portage/glibc-2.3.4.20050125-r1/work/build-default-i686-pc-linux-gnu-nptl/e
lf/ld.so(ld.so):27785, uid/euid: 0/0, PC: 59ed9eb0, SP: 59ed9cb4
Mar 17 01:09:09 xwing PAX: bytes at PC: b9 40 a4 ed 59 e9 3a e3 19 ae 09 08 06 00 00 00 0a 00 00 00 
Mar 17 01:09:09 xwing PAX: bytes at SP: 08078f49 00000001 1805b388 00000000 22789aca 2278795a 00000001 00000054 00000058 0000005c
 0000045c 00000a6c 00000a70 00000a74 00000a74 00000a74 00000a74 180bc9e8 00000010 180bca70 
===============8<===============
There is one set of messages like this for each locale. Perhaps building locales should be done using system's ld.so since it's the only that can execute segments in write mode...

I builded my glibc with this trick:

Made a screen and run the ebuild to compile and than install the stuff:

# screen -U
# ebuild /usr/portage/sys-libs/glibc/glibc-2.3.4.20050125-r1.ebuild install

Before the locales build i get out of the screen session, and run these:

# paxctl -pemrsx /var/tmp/portage/glibc-2.3.4.20050125-r1/work/build-default-i686-pc-linux-gnu-nptl/elf/ld.so
# paxctl -pemrsx /var/tmp/portage/glibc-2.3.4.20050125-r1/work/build-default-i686-pc-linux-gnu-nptl/locale/localedef

And i go back to the screen session and made a package and install it:

# screen -r
# ebuild /usr/portage/sys-libs/glibc/glibc-2.3.4.20050125-r1.ebuild package
# emerge -u glibc -K

And then don't forget to delete the /var/tmp/portage/glibc-2.3.4.20050125-r1 dir!

Same problems here (bug #82106#c32 for more details)

Comment 7 SpanKY 2005-04-27 18:48:31 UTC

*** Bug 90590 has been marked as a duplicate of this bug. ***

FYI I still see this at least with sys-libs/glibc-2.3.3.20040420-r2 on my sparc
but as fasr as I remember also with another x86 system. 

I use a primitive shell script to work around the problem:

# nice ./paxfix.sh &
then 
# emerge glibc

and afterwards stop the paxfix.sh

paxfix.sh:
-----------------------------------------
#!/bin/bash
# plain stupid glibc PaX fix. dsy
pkg="glibc-2.3.3.20040420-r2"
files="/var/tmp/portage/${pkg}/work/build-default-i686-pc-linux-gnu-nptl/locale/localedef
/var/tmp/portage/${pkg}/build-default-i686-pc-linux-gnu-nptl/elf/ld.so"

while true ; do
        sleep 1
        for file in ${files} ; do
            if [ -e $file ] ; then
                paxctl -pemrsx $file
                logger "NOTE: glibc PaX compile fix applied!"
            fi
        done
done

-----------------------------

Silly me, just forget the shell script, it currently does not work. (there's an
error in the "for loop/if exist" logic...)

Comment 10 Petteri Räty (RETIRED) 2005-07-17 14:32:46 UTC

glibc 2.3.5 went stable on my hardened x86 system and this bug bit me. For
example running locale gives me:
betelgeuse@aria ~/irclogs/quakenet $ locale
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=
LC_CTYPE="en_US.utf8"
and the rest normally

Comment 11 solar (RETIRED) 2005-07-18 04:40:32 UTC

*** Bug 99400 has been marked as a duplicate of this bug. ***

Comment 12 Jeremy Huddleston (RETIRED) 2005-07-22 12:54:40 UTC

Can you please try glibc-2.3.5-r1.  I just committed a change that should readd
a patch that was accidently dropped during a version bump
(1040_all_2.3.3-localedef-fix-trampoline.patch).  solar said this patch should
fix the problem.  Make sure the ebuild has PATCH_VER="1.6" in it.

Comment 13 Petteri Räty (RETIRED) 2005-07-22 15:34:07 UTC

(In reply to comment #12)
> Can you please try glibc-2.3.5-r1.  I just committed a change that should readd
> a patch that was accidently dropped during a version bump
> (1040_all_2.3.3-localedef-fix-trampoline.patch).  solar said this patch should
> fix the problem.  Make sure the ebuild has PATCH_VER="1.6" in it.

This seems to fix the problem. ebuild install completes and there are no entries
in syslog. 

Hi,
From my side it's a pitty but i can't test this as i'm not using a "hardened"
system any more, but a great thanks to all for your work.
PS: assume some dev will close the BUG after proper testing done?
Rumen

Comment 15 solar (RETIRED) 2005-07-23 09:38:37 UTC

(In reply to comment #12)
> I just committed a change that should readd
> a patch that was accidently dropped during a version bump

thanks Jeremy 

Comment 16 Jeremy Huddleston (RETIRED) 2005-07-23 15:54:29 UTC

ok, I'm closing this up as 2.3.5-r1 is now released.  It addresses mainly this
bug and bug #52374 with some USE flag/configure options that users requested, so
hopefully we can get it stable fairly soon.

Yesterday I emerged the new 2.3.5-r1 on my hardened ~x86.  
While I can confirm that "locale -a" is now fine, I still have a task 
terminated by pax during the compile! 
 
----- /var/log/syslog extract --------- 
Jul 23 15:27:00 intranet kernel: PAX: execution attempt in: <anonymous 
mapping>, 5eae9000-5eaff000 5eae900 
0 
Jul 23 15:27:00 intranet kernel: PAX: terminating 
task: /usr/sbin/iconvconfig(iconvconfig):10585, uid/euid 
: 0/0, PC: 5eafd13c, SP: 5eafd03c 
Jul 23 15:27:00 intranet kernel: PAX: bytes at PC: b9 90 d1 af 5e e9 ca ca 54 
a9 04 27 10 00 00 00 b8 d4 0 
8 08 
Jul 23 15:27:00 intranet kernel: PAX: bytes at SP: 26fe40de 08080768 00000000 
00000000 5eafd13c 00000691 0 
0000000 5eafd19c 08049ed7 08080768 5eafd13c 00000001 0807b298 73752f2f 696c2f72 
63672f62 2f766e6f 6e6f6367 
 6f6d2d76 656c7564 
----------------------------------------------- 

(In reply to comment #17)
> Yesterday I emerged the new 2.3.5-r1 on my hardened ~x86.  
> While I can confirm that "locale -a" is now fine, I still have a task 
> terminated by pax during the compile! 
>  [...]
> task: /usr/sbin/iconvconfig(iconvconfig):10585, uid/euid 
> ----------------------------------------------- 

iconvconfig also needs PAX flags -ps added to its ELF headers with paxctl.
Otherwise iconvconfig won't run at all, and the un-PAX marked iconvconfig which
gets installed on the system will be killed also. Just try to run it on a
hardened system, it will be killed with the same errors in the syslog. This is a
bug, too.

Comment 19 Kevin F. Quinn (RETIRED) 2005-07-24 13:09:26 UTC

Daniel, Mikko - do you have trampoline emulation switched off?

iconvconfig contains a nested function.  The toolchain causes it to be marked
'E' - which enables trampoline emulation if the kernel supports it - thus
avoiding the need for an executable stack.

Comment 20 Kevin F. Quinn (RETIRED) 2005-07-24 14:59:18 UTC

Created attachment 64214 [details, diff]
De-trampoline iconvconfig

Well, here's a patch that un-nests the nested function, removing any need for
executable stack.

On my system, it generates identical output to the previous version with the
trampoline, so I think it's ok.

Kevin, 
 
Yes, I don't have CONFIG_PAX_EMUTRAMP set here. 

Comment 22 Kevin F. Quinn (RETIRED) 2005-07-25 13:23:18 UTC

(re-opening to save starting another bug and losing the thread)
Jeremy, would you mind taking a look at this (comment #17 on)?

Any hardened system that doesn't have trampoline emulation will fail as
reported, I'm pretty confident about my patch (famous last words).  I think it's
useful to eliminate the need for executable stack from glibc stuff; not all
arches have even the possibility to emulate trampolines.

Comment 23 Jeremy Huddleston (RETIRED) 2005-07-26 00:56:08 UTC

Yeah.  The patch looks simple enough.  Anyone have any objection to me sneaking
this into 2.3.5-r1 even though it's out of package.mask?

Comment 24 Jeremy Huddleston (RETIRED) 2005-07-26 13:01:29 UTC

Can you change PATCH_VER to 1.7 in glibc-2.3.5-r1, and test for me?

Comment 25 Kevin F. Quinn (RETIRED) 2005-07-26 14:35:36 UTC

built & installed successfully here with patch-ver 1.7, no problems.  build
resulted in a normal 'xe'-flagged binary, so no more trampoline.

btw sneaking it into 2.3.5-r1 seems sensible to me.

Comment 26 Jeremy Huddleston (RETIRED) 2005-07-26 16:29:39 UTC

Done.  Thanks Kevin.  You might want to try submitting these upstream, too. 
They might not like the global variable usage for the iconvconfig fix (I'm not
too keen on it either), so you should just pass pointers to them in name_insert
and leave them local to the caller.

Comment 27 Jeremy Huddleston (RETIRED) 2005-07-26 16:29:49 UTC

closing

Great work! :) 

Comment 29 SpanKY 2016-01-06 22:52:59 UTC

*** Bug 102968 has been marked as a duplicate of this bug. ***