78498 – emerge glibc: iconfconfig killed by pax

Bug 78498 - emerge glibc: iconfconfig killed by pax

Summary: emerge glibc: iconfconfig killed by pax

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Toolchain Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-01-18 03:55 UTC by Klaus Kusche
Modified:	2005-10-26 18:32 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Klaus Kusche 2005-01-18 03:55:03 UTC

When emerging glibc-2.3.4.20040808-r1, the newly compiled iconvconfig is automacally executed in the postinstall step of the ebuild:

        if [ -x "${ROOT}/usr/sbin/iconvconfig" ]; then
                # Generate fastloading iconv module configuration file.
                ${ROOT}/usr/sbin/iconvconfig --prefix=${ROOT}
        fi

However, on my hardened system with grsecurity/pax enabled, this gets killed due to a pax violation:

Jan 18 12:42:40 kklaptop kernel: PAX: execution attempt in: <anonymous mapping>,
 5b3e1000-5b3f8000 5b3e1000
Jan 18 12:42:40 kklaptop kernel: PAX: terminating task: /usr/sbin/iconvconfig(ic
onvconfig):5432, uid/euid: 0/0, PC: 5b3f5908, SP: 5b3f5824

Comment 1 solar (RETIRED) gentoo-dev

2005-03-11 08:54:17 UTC

smells like somebody dropped the trampoline patch.

Comment 2 Klaus Kusche 2005-03-12 09:24:28 UTC

My kernel is configured with PAX-EMUTRAMP=N (off).

I'm using PaX segment based execution protection.

Is this a problem when emerging gcc, do I have to use a kernel with PAX-EMUTRAMP=Y?

Comment 3 SpanKY gentoo-dev

2005-10-26 17:42:19 UTC

should be fixed now [again]

Comment 4 solar (RETIRED) gentoo-dev

2005-10-26 18:32:57 UTC

thanks spanky