Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Apr 2023 01:08:42 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Ed Maste <emaste@freebsd.org>
Cc:        freebsd-arch <freebsd-arch@freebsd.org>
Subject:   Re: OpenSSL in the FreeBSD base system / FreeBSD 14
Message-ID:  <ZEBmahjXXlvtzP-L@kib.kiev.ua>
In-Reply-To: <CAPyFy2Afao5tnujFtwiF6avdkqAXRGDOTSq-JSCkHvvbfUvhaA@mail.gmail.com>
References:  <CAPyFy2Afao5tnujFtwiF6avdkqAXRGDOTSq-JSCkHvvbfUvhaA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Apr 19, 2023 at 12:50:59PM -0400, Ed Maste wrote:
> A related issue is base system libraries that depend on OpenSSL would
> also need to be made private. This includes gssapi, heimdal, and
> libfetch.
Does ssh and pam in the base depend on the base openssl?
If yes, then it still leaks into the applications despite being private.

For instance,
/usr/lib/pam_ssh.so.6:
        libprivatessh.so.5 => /usr/lib/libprivatessh.so.5 (0x80148b000)
        libpam.so.6 => /usr/lib/libpam.so.6 (0x80154d000)
        libc.so.7 => /lib/libc.so.7 (0x801083000)
        libprivateldns.so.5 => /usr/lib/libprivateldns.so.5 (0x80155d000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x801e00000)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZEBmahjXXlvtzP-L>