RE: libcrypto failure on Openssh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: Hareesh Das Ulleri <hareesh.ulleri@xxxxxxx>
> Sent: Monday, 27 February, 2023 23:15
> 
> Sorry for the confusion. This is during OpenSSH authentication, a child
> process which does not have any privileges (e.g. file open)  and it is supposed
> to do the authentication, that means it calls Libcrypto Cipher functions. In this
> case even file reopen won't work since process has no privileges to do this.
> 
>  Is it mentioned or anyone attempted how OpenSSL supposed to handle this
> case ?

OpenSSL isn't. This is your problem. Your provider has a limitation which prevents it from working in certain use cases.

The obvious fix is to correct the permissions on your device node so it can be opened by the unprivileged process.

There are other possibilities (e.g. descriptor passing), but generally they introduce complexity for little or no additional security.

-- 
Michael Wojcik




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux