From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-3342-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QBgbq-0006Lf-8R
	for garchives@archives.gentoo.org; Mon, 18 Apr 2011 05:02:50 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1D3961C08A
	for <garchives@archives.gentoo.org>; Mon, 18 Apr 2011 05:02:48 +0000 (UTC)
Received: from atoth.sote.hu (atoth.sote.hu [195.111.75.211])
	by pigeon.gentoo.org (Postfix) with ESMTP id E17951C042
	for <gentoo-hardened@lists.gentoo.org>; Mon, 18 Apr 2011 04:30:41 +0000 (UTC)
Received: from atoth.sote.hu (apache@localhost [127.0.0.1])
	by atoth.sote.hu (8.14.4/8.14.4/atoth@atoth.sote.hu) with ESMTP id p3I4UXn2016595
	for <gentoo-hardened@lists.gentoo.org>; Mon, 18 Apr 2011 06:30:34 +0200
X-DKIM: Sendmail DKIM Filter v2.8.3 atoth.sote.hu p3I4UXn2016595
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=atoth.sote.hu;
	s=dwokfur; t=1303101040;
	bh=Fq71nt/9guf67YDycHVV7JqxBeZ/YCO/MVmeIJZ8tL4=; l=1302;
	h=Message-ID:In-Reply-To:References:Date:Subject:From:To:
	 MIME-Version:Content-Type:Content-Transfer-Encoding;
	b=UXp9vAYVyv8noODm4FFXkEmhzqq7StMhihz2A+aKirNO+V7vs7jD9E3AKSFJ8TLT2
	 sqIRJDgGJkYAOytBhvq4sLw8aTfHtBcaj+L6Xe6vBmDZ55acQ5KIh15BTTBQBZ1j+L
	 DBxfm1x2+RpYMl/RMU+8EmzlPVtOrziKqzRaFgAo=
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 atoth.sote.hu p3I4UXn2016595
DomainKey-Signature: a=rsa-sha1; s=dwokfur; d=atoth.sote.hu; c=nofws; q=dns;
	h=x-virus-status:x-virus-scanned:received:message-id:
	in-reply-to:references:date:subject:from:to:user-agent:mime-version:
	content-type:content-transfer-encoding:x-priority:importance:
	x-spam-status:x-spam-checker-version:x-list-milter:x-dcc-dcc1.aftenposten.no-metrics;
	b=mTNHhj0hxojN1mEJDYmWwfqGQicdYBexa6oJ5As3UQdqX6PNEViEMguvVvar0TBFY
	2Sg8MK2kyvfUIppxt54KH7pOp59u90MrN4HDNGS59dAuaq/85AA+7iMOfA+eevfF0BN
	ZFo+PXxy5851up72oofqdnW5xa9/mFbrM+leI/Q=
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.97 at atoth
Received: from 84.3.21.212
        (SquirrelMail authenticated user atoth)
        by atoth.sote.hu with HTTP;
        Mon, 18 Apr 2011 06:30:34 +0200
Message-ID: <c31e05984ede12ff75c62c019f988cf7.squirrel@atoth.sote.hu>
In-Reply-To: <201104171320.47194.zorry@gentoo.org>
References: <e954c7d36696f27da86272b7e0ccfabd.squirrel@atoth.sote.hu>
    <20110417014914.GA3917@home.power>
    <f4e5e470922c612bd1dfc6ba20d9eebd.squirrel@atoth.sote.hu>
    <201104171320.47194.zorry@gentoo.org>
Date: Mon, 18 Apr 2011 06:30:34 +0200
Subject: Re: [gentoo-hardened] apache ssl problems: PAX terminates execution
 attempt
From: =?utf-8?B?IlTDs3RoIEF0dGlsYSI=?= <atoth@atoth.sote.hu>
To: gentoo-hardened@lists.gentoo.org
User-Agent: SquirrelMail/1.4.21
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Status: No, score=-99.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50,
	DKIM_ADSP_ALL,USER_IN_WHITELIST autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on atoth.sote.hu
X-List-Milter: local mail
X-DCC-dcc1.aftenposten.no-Metrics: atoth 1215; IP=ok Body=2 Fuz1=2 Fuz2=2
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: ea010c4fe02854e0d9f9c19a5aa7abb5

2011.=C3=81prilis 17.(V) 13:20 id=C5=91pontban Magnus Granberg ezt =C3=AD=
rta:
> s=C3=B6ndag 17 april 2011 12.27.19 skrev  T=C3=B3th Attila:
>> 2011.=C3=81prilis 17.(V) 03:49 id=C5=91pontban Alex Efros ezt =C3=ADrt=
a:
>> > Hi!
>> >
>> > On Sun, Apr 17, 2011 at 02:17:21AM +0200, "T=C3=B3th Attila" wrote:
>> >> Reverting to the old binary makes the problem go away.
>> >
>> > Any chance it's as trivial as somehow modified old binary - like wit=
h
>> > paxctl?
>>
>> paxctl -m haven't solved the problem.
>>
>> > Also, you can try to use non-hardened gcc to build apache, just in
>> case.
>>
>> I would rather not use a non-hardened apache on the server. But I can
>> give
>> a try to compile it using a vanilla gcc profile.
>> Any of you successfully recompiled apache with a recent toolchain and
>> see
>> the ssl connections are working correctly?
>>
>> Thx:
>> Dw.
>>
>> > --
>> >
>> > 			WBR, Alex.
> Look at bug http://bugs.gentoo.org/show_bug.cgi?id=3D363443
> /Magnus

Compiling using gcc-4.5.2 with -O1 or switching to gcc-4.4.5 solves the
issue. Obviously it's not a solution.
I can provide binaries, but gcc cannot compile using -g ggdb in my case.

Thx for the tip. I add my comment to this bug.

Dw.
--=20
dr T=C3=B3th Attila, Radiol=C3=B3gus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057