Page 1 of 1

PAX and locales

PostPosted: Sat Feb 07, 2004 10:48 am
by polarfox
Hello,

I tried to upgrade my locales on debian, and got this:

Code: Select all
Setting up locales (2.3.2.ds1-11) ...
/var/lib/dpkg/info/locales.postinst: line 18: /etc/locale.gen.tmp: Permission denied
mv: cannot stat `/etc/locale.gen.tmp': No such file or directory
dpkg: error processing locales (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 locales
E: Sub-process /usr/bin/dpkg returned an error code (1)


I founded this error in logs:

Code: Select all
Feb  7 17:04:06 alus kernel: PAX: From 192.168.1.2: terminating task: /usr/bin/localedef(localedef):19888, uid/euid: 0/0, PC:
bbe342f8, SP: bbe341f8
Feb  7 17:04:06 alus kernel: PAX: bytes at PC: b9 88 48 e3 bb e9 fe 10 24 4c 08 08 06 00 00 00 0a 00 00 00
Feb  7 17:04:06 alus kernel: grsec: From 192.168.1.2: attempted resource overstep by requesting 4096 for RLIMIT_CORE against l
imit 0 by (localedef:19888) UID(0) EUID(0), parent (locale-gen:8362) UID(0) EUID(0)


How to fix it?
Thanks

Re: PAX and locales

PostPosted: Sat Feb 07, 2004 1:12 pm
by PaX Team
polarfox wrote:
Code: Select all
Feb  7 17:04:06 alus kernel: PAX: From 192.168.1.2: terminating task: /usr/bin/localedef(localedef):19888, uid/euid: 0/0, PC: bbe342f8, SP: bbe341f8
Feb  7 17:04:06 alus kernel: PAX: bytes at PC: b9 88 48 e3 bb e9 fe 10 24 4c 08 08 06 00 00 00 0a 00 00 00
that's a nested function trampoline, so you can either enable EMUTRAMP on localedef (chpax -E) or disable the non-exec pages on it (chpax -sp).

PostPosted: Sat Feb 07, 2004 1:30 pm
by polarfox
Thanks, i've successfully solved that problem, but there is another one:

Code: Select all
Feb  7 19:43:35 alus kernel: grsec: From 192.168.1.2: attempted resource overstep by requesting 32 for RLIMIT_NPROC against li
mit 30 by (local:19928) UID(0) EUID(101), parent (master:27732) UID(0) EUID(0)
Feb  7 19:43:35 alus kernel: grsec: From 192.168.1.2: failed fork with errno -11 by (local:19928) UID(0) EUID(101), parent (ma
ster:27732) UID(0) EUID(0)


I havent any problems with grsec and /etc/security/limits.conf before.

Heh grsec worked fine, but i did one thing - tried to upgrade my debian packages. After upgrading lots of problems occured, especially with CAP_SYS_ADMIN on various programs (bash, sshd, postfix).

Seems I need a lot of things to learn about this great security system ;o)