Bug 102968

Summary:	sys-libs/glibc: localedef crashes under PaX kernels
Product:	Gentoo Linux	Reporter:	Nicola <n.murino>
Component:	[OLD] Core system	Assignee:	Gentoo Toolchain Maintainers <toolchain>
Status:	RESOLVED DUPLICATE
Severity:	major	CC:	hardened
Priority:	High
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Nicola 2005-08-18 06:11:11 UTC

When I compile glibc on systems with pax enabled (hardened profile), the system
is unable to generate locales,

If I try to manually generate a locale:

devel admin # localedef -c -i en_US -f ISO-8859-15 en_US.ISO-8859-15
Killed

the process is killed

here are the logs:

Aug 18 14:50:42 devel grsec: From 192.168.211.1: denied resource overstep by
requesting 4096 for RLIMIT_CORE against limit 0 for
/usr/bin/localedef[localedef:4958] uid/euid:0/0 gid/egid:0/0, parent
/bin/bash[bash:4940] uid/euid:0/0 gid/egid:0/0


and here are the log for glibc:

Aug 16 05:22:58 devel grsec: denied resource overstep by requesting 4096 for
RLIMIT_CORE against limit 0 for
/var/tmp/portage/glibc-2.3.5/work/build-default-i686-pc-linux-gnu-linuxthreads/elf/ld.so[ld.so:11430]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:11411] uid/euid:0/0 gid/egid:0/0


A solution is to disable pax e grsecurity compile glibc and then boot with a
kernel pax enabled.

Maybe if I disable randomized mmap() base for /lib/ld-2.3.5.so in
/etc/conf.d/chpax it works but isn't the best solution



Reproducible: Always
Steps to Reproduce:
1.Use a pax, grsec kernel enabled
2.emerge glibc
3.wait for error

Actual Results:  
locale aren't generated


devel admin # emerge info
Portage 2.0.51.22-r2 (hardened/x86/2.6, gcc-3.3.5-20050130, glibc-2.3.5-r0,
2.6.11-hardened-r15 i686)
=================================================================
System uname: 2.6.11-hardened-r15 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.11
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://www.die.unipd.it/pub/Linux/distributions/gentoo-sources/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="berkdb crypt dlloader hardened ncurses nls nptl pam perl pic python
readline ssl tcpd userlocales x86 zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

Comment 1 petre rodan (RETIRED) gentoo-dev

2005-08-18 23:49:34 UTC

please have a look at bug 85718 and try merging glibc-2.3.5-r1

Comment 2 petre rodan (RETIRED) gentoo-dev

2005-08-19 00:25:24 UTC

on a second thought, this might be nptl related as per bug 52254

hmm, that hardened-sysdep-shared.patch is part of glibc-2.3.5*

Comment 3 Nicola 2005-08-19 01:13:38 UTC

I upgraded to glibc-2.3.5-r1 with a kernel without pax and grsecurity, now I
rebooted with a pax and grsec enabled kernel and I'm recompiling glibc (is slow
in vmware...and I must compile ntpl and linuxthreads) however now localedef
works, thanks and sorry if is a duplicate bug

Comment 4 Nicola 2005-08-22 00:29:37 UTC

glibc 2.3.5-r1 solve the problem, thanks and excuse me for duplicate bug

Comment 5 SpanKY gentoo-dev

2016-01-06 22:52:58 UTC


*** This bug has been marked as a duplicate of bug 85718 ***