[Bug 2752] Allow syscalls for openssl engines on s390x

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Sep 22 22:46:53 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2752

--- Comment #6 from ebarretto at linux.vnet.ibm.com ---
(In reply to Damien Miller from comment #5)
> Yeah, I agree. Would it be feasible to skip using the engines in the
> pre-auth phase entirely?

Hi Damien,

We have on S390 two OpenSSL Engines, one more specific (is specific for
one crypto card) and one more generic that works with different crypto
card/devices. The first is openssl-ibmca and the last one
openssl-ibmpkcs11.

We already did some changes on the seccomp filter (openssh-7.5) for the
ibmca engine, but the getuid and geteuid was missing as it was enabled
on some distro's openssh package but not on others.
Can we get the getuid and geteuid patch integrated for now? 

The other engine, ibmpkcs11, which needs the sysv ipc is not yet
released and we can work on an alternative based on your feedback. 

This works for you? 

Thanks,
Eduardo

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list