> From: Hareesh Das Ulleri <hareesh.ulleri@xxxxxxx> > Sent: Monday, 27 February, 2023 23:15 > > Sorry for the confusion. This is during OpenSSH authentication, a child > process which does not have any privileges (e.g. file open) and it is supposed > to do the authentication, that means it calls Libcrypto Cipher functions. In this > case even file reopen won't work since process has no privileges to do this. > > Is it mentioned or anyone attempted how OpenSSL supposed to handle this > case ? OpenSSL isn't. This is your problem. Your provider has a limitation which prevents it from working in certain use cases. The obvious fix is to correct the permissions on your device node so it can be opened by the unprivileged process. There are other possibilities (e.g. descriptor passing), but generally they introduce complexity for little or no additional security. -- Michael Wojcik