bugzilla-daemon at mindrot.org
2023-Jul-27 11:31 UTC
[Bug 3594] New: PKCS11Provider now requires full paths
https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Bug ID: 3594 Summary: PKCS11Provider now requires full paths Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs at mindrot.org Reporter: marc.deslauriers at canonical.com Since the 29ef8a0486 commit for CVE-2023-28408, PKCS11Provider now requires libraries to be specified using their full path as the new code just opens the filename directly whereas the dlopen would search system library paths. This causes a change in behaviour for users. (See downstream bug here: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774 ) -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jul-27 23:36 UTC
[Bug 3594] PKCS11Provider now requires full paths
https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- This is intentional, sorry. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jul-28 00:06 UTC
[Bug 3594] PKCS11Provider now requires full paths
https://bugzilla.mindrot.org/show_bug.cgi?id=3594 --- Comment #2 from Damien Miller <djm at mindrot.org> --- I should add that the change that causes this has not been released yet. It will be part of OpenSSH 9.4 which is due pretty soon. I guess somebody has mistakenly cherry-picked it somewhere? It is not required to fix CVE-2023-38408 (only 892506b1365430 - the fatal() change is needed); it's more defence in depth. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jul-28 11:22 UTC
[Bug 3594] PKCS11Provider now requires full paths
https://bugzilla.mindrot.org/show_bug.cgi?id=3594 --- Comment #3 from Marc Deslauriers <marc.deslauriers at canonical.com> --- Yes, I cherry picked that commit when fixing Ubuntu. Thanks for your response, I just wanted to make sure this change was intentional. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 2610] New: ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used
- [Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
- Preloading shared library with libVirt
- CVE-2017-7494 in SAMBA-AD 4.3.11-ubuntu
- Recent inability to view long filenames stored with scp via samba mount