DEFAULT_PKCS11_WHITELIST on 64-bit Linux systems

Damien Miller djm at mindrot.org
Fri Dec 30 12:40:53 AEDT 2016


On Wed, 28 Dec 2016, Iain Morgan wrote:

> Hello,
> 
> On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not
> very useful. On such systems, /usr/lib64/* would need to be added to the
> pattern list. Although users can specify the -P option every time they
> launch ssh-agent, it might be nice to provide a means to specify a
> default whitelist at build-time.
> 
> It's tempting to suggest that configure should automatically supply a
> reasonable value for the whitelist based on the platform, but supporting
> an option to configure would seem to be the simpler and safer solution.
> 
> % ./configure --with-default-pkcs11-whitelist="/usr/lib64/*"

Sounds eminently reasonable. Maybe we could make the portable default
"/usr/lib*/*,/usr/local/lib*/*" too?

-d
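To make the pattern-matching point concrete, here is an added example (not code from the thread or from OpenSSH) that models how a comma-separated PKCS#11 whitelist is applied to a provider path. It assumes the semantics of OpenSSH's match_pattern_list() (globs where `*` also matches `/`, a leading `!` negating a pattern) and reimplements them with Python's fnmatch; the "narrow" default string is an assumed stand-in for the stock value the thread does not quote, and the candidate paths are constructed.

```python
"""Simplified model of ssh-agent's PKCS#11 provider whitelist check.

Added example, not OpenSSH code.  Assumed semantics (modelled on
match_pattern_list() in OpenSSH's match.c): patterns are comma
separated, '*' matches any characters including '/', and a pattern
prefixed with '!' rejects a path that it matches.
"""
from fnmatch import fnmatchcase

# Assumed stand-in for the stock portable default (not quoted in the thread).
NARROW_DEFAULT = "/usr/lib/*,/usr/local/lib/*"
# Default proposed in the reply above.
PROPOSED_DEFAULT = "/usr/lib*/*,/usr/local/lib*/*"


def match_pattern_list(path: str, pattern_list: str) -> bool:
    """Return True if path is accepted by the comma-separated pattern list.

    A negated pattern ('!' prefix) that matches rejects immediately;
    otherwise the path is accepted if any positive pattern matched.
    """
    matched = False
    for pat in pattern_list.split(","):
        pat = pat.strip()
        if not pat:
            continue
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        # fnmatchcase lets '*' span '/', like OpenSSH's own glob matcher.
        if fnmatchcase(path, pat):
            if negated:
                return False
            matched = True
    return matched


def provider_allowed(path: str, whitelist: str) -> bool:
    """The decision ssh-agent makes before loading a provider library."""
    return match_pattern_list(path, whitelist)


# Constructed candidate provider paths (not from the thread).
CANDIDATES = [
    "/usr/lib64/pkcs11/opensc-pkcs11.so",          # RHEL 6 amd64 layout
    "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so",  # Debian multiarch layout
    "/usr/local/lib64/libsofthsm2.so",             # locally built provider
    "/tmp/untrusted-provider.so",                  # outside any trusted prefix
]


def evaluate(whitelist: str) -> dict:
    """Map each candidate path to whether the given whitelist admits it."""
    return {p: provider_allowed(p, whitelist) for p in CANDIDATES}


if __name__ == "__main__":
    for name, wl in (("narrow", NARROW_DEFAULT), ("proposed", PROPOSED_DEFAULT)):
        print(f"{name}: {wl}")
        for p, ok in evaluate(wl).items():
            print(f"  {'allow' if ok else 'deny':5} {p}")
```

Running it shows why the lib64 layout is the problem case: `/usr/lib/*` never matches a path under `/usr/lib64/`, while `/usr/lib*/*` admits both the 32-bit and 64-bit directories and still denies anything outside the trusted prefixes.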

