On Fri, Feb 27, 2015 at 9:19 AM, Michael Felt <aixtools@xxxxxxxxx> wrote: > > One problem coming directly is that the -L flag (-L/opt/libressl/lib is not > being included in the -blibpath so the programs link, but do not run. > I am sure there is a way for me to modify the blibpath - BUT - I ask you do > consider inserting an openssl-dir path when it is not > already in the blibpath variable. > There's a reason why it isn't: where that directory is writeable by a non-root user it becomes a vector for local privilege escalation via OpenSSH's setuid binaries. http://lists.mindrot.org/pipermail/openssh-unix-dev/2003-April/017768.html Now that decision was made back in the day when OpenSSL's shared library support was still considered experimental. Maybe we could check that the path is a) absolute and b) system-owned all the way down and add it to blibpath if both are true. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev