[Bug 3597] Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Aug 3 08:00:45 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3597
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
> For lower version, before openssh-8.9p1, only checking the
> value of remote_add_provider is stricter, although it may
> cause some problems else.
That won't work. Older versions have no way of telling whether a socket
is local or remote, so testing remote_add_provider alone would simply
ban all PKCS#11 loading.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list