Re: DEFAULT_PKCS11_WHITELIST on 64-bit Linux systems

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 28 Dec 2016, Iain Morgan wrote:

> Hello,
> 
> On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not
> very useful. On such systems, /usr/lib64/* would need to be added to the
> pattern list. Although users can specify the -P option every time they
> launch ssh-agent, it might be nice to provide a means to specify a
> default whitelist at build-time.
> 
> It's tempting to suggest that configure should automatically supply a
> reasonable value for the whitelist based on the platform, but supporting
> an option to configure would seem to be the simpler and safer solution.
> 
> % ./configure --with-default-pkcs11-whitelist="/usr/lib64/*'

Sounds eminently reasonable. Maybe we could make the portable default
"/usr/lib*/*,/usr/local/lib*/*" too?

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux