Debian users: don't upgrade to glibc 2.3.4, take action

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Postby PaX Team » Mon Oct 10, 2005 11:36 am

kirk22 wrote:can we do anything else about it? (should we start a discussion on debian's mailinglist's? http://lists.debian.org/debian-glibc/ or http://lists.debian.org/debian-security/)
i think there was already a discussion about it and what seemingly came out of it was 'fix the apps not glibc', except noone's really doing it as most users and developers are not seeing the problem (since they're not running PaX).
what do the glibc people think about it? (i assume this problem does not only affect debian but also everyone else using glibc 2.3.4,2.3.5,...?)
given that they (well, Red Hat) wrote it and it went into glibc without much if any discussion, let alone objections, you can guess the answer. and the problem is not glibc per se, it's the whole PT_GNU_STACK mess, glibc just happens to be at the end of the chain.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Current status: Recomended steps

Postby Pesky Taco » Thu Jan 19, 2006 11:07 pm

Hi All

So what is the current status of using PAX on Debian stable?
What steps need to be taken to address this issue and make it work?

Is their an FAQ where this can be addressed?

Any other info would be helpful.
Pesky Taco
 
Posts: 8
Joined: Mon Oct 18, 2004 1:52 pm

recompile glibc

Postby int80 » Mon Jan 23, 2006 2:03 pm

The alternatives have been covered by PaX Team in this thread:
http://forums.grsecurity.net/viewtopic.php?t=673

I am looking to recompile glibc on my Debian unstable system so that mprotect can still be utilized.

What needs to be changed in glibc? I thought I saw a patch somewhere, but haven't been able to find it again. Guess I could manually remove the dl_make_stack_executable function and calls.
int80
 
Posts: 11
Joined: Mon Jan 23, 2006 1:57 pm

Previous

Return to grsecurity support