blibpath changes for AIX
Markus Alt
altmark at de.ibm.com
Fri May 16 01:03:08 EST 2003
Darren Tucker wrote:
>
> Markus Alt wrote:
> > This has worked fine for former versions of OpenSSH, but with 3.6.1p2,
> > /opt/freeware/lib apparently does not get added to blibpath during the
> > build. As a matter of fact, after installing the RPM, sshd refuses to
> > start as it cannot find libcrypto.a in /usr/lib or /lib.
>
> Yeah, there's a reason for this:
> "Portable OpenSSH: Dangerous AIX linker behavior"
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=105167884027821
I've seen that.
> > If I add 'export blibpath="/opt/freeware/lib:/usr/lib:/lib"' to the SPEC
> > file before running configure, all works well. But I would expect to get
> > /opt/freeware/lib added to blibpath automatically by the --with-ssl-dir
> > option.
>
> Good idea, but it would need to be sanity checked (eg
> --with-ssl-dir=../openssl-0.9.7b/ or --with-ssl-dir=/tmp/openssl-0.9.7b
> would produce exploitable binaries).
So the new behaviour is a kind of security measure if I understand this
correctly. And I will have to judge whether I trust the installation in
the given directory, but this will not happen automatically. Makes
sense.
Thanks for your quick response!
Markus
--
Markus Alt
IBM Lab Boeblingen, Germany
altmark at de.ibm.com
More information about the openssh-unix-dev
mailing list