blibpath changes for AIX

Darren Tucker dtucker at zip.com.au
Fri May 16 00:40:01 EST 2003


Markus Alt wrote:
> This has worked fine for former versions of OpenSSH, but with 3.6.1p2,
> /opt/freeware/lib apparently does not get added to blibpath during the
> build. As a matter of fact, after installing the RPM, sshd refuses to
> start as it cannot find libcrypto.a in /usr/lib or /lib.

Yeah, there's a reason for this:
"Portable OpenSSH: Dangerous AIX linker behavior"
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=105167884027821

> If I add 'export blibpath="/opt/freeware/lib:/usr/lib:/lib"' to the SPEC
> file before running configure, all works well. But I would expect to get
> /opt/freeware/lib added to blibpath automatically by the --with-ssl-dir
> option.

Good idea, but it would need to be sanity checked (eg
--with-ssl-dir=../openssl-0.9.7b/ or --with-ssl-dir=/tmp/openssl-0.9.7b
would produce exploitable binaries).

It's only required if you're using an openssl shared library (which is
still marked as as "experimental").

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list