[Bug 3597] New: Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Aug 1 23:19:39 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3597
Bug ID: 3597
Summary: Why do we check both nsession_ids and
remote_add_provider when judging whether allow remote
addition of FIDO/PKCS11 provider libraries is
disabled?
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Windows 10
Status: NEW
Severity: trivial
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent
by default is introducted in the commit:
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
In my opinion, it is unnecessary for us to check the value of
nsession_ids, because nsession_ids is used to count the number of the
connections which are opened via "session-bind at openssh.com" agent
extension.
```
if (e->nsession_ids != 0 && !remote_add_provider) {
verbose("failed add of SK provider \"%.100s\": "
"remote addition of providers is disabled",
sk_provider);
goto out;
}
```
Please tell me the reason.
Thanks a lot.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list