On Tue, Apr 04, 2023 at 11:35:35PM +0000, David Ruth wrote: > Prevent loading arbitrary executable code based on config at runtime, > while allowing libraries to be specified at compile time when they are > known in advance. > > * Add the ability to configure libraries to load at compile time. > * CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location. > * CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location. > * CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location. > * Add flags with the ability to set each of the libraries to NULL and > prevent loading them at runtime. > * CONFIG_NO_PKCS11_ENGINE_PATH - prevents loading pkcs11_engine > library. > * CONFIG_NO_PKCS11_MODULE_PATH - prevents loading pkcs11_module > library. > * CONFIG_NO_OPENSC_ENGINE_PATH - prevents loading opens_engine > library. > * CONFIG_NO_LOAD_DYNAMIC_EAP - prevents loading eap libraries at > runtime. Thanks, applied with some cleanup. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
