Re: OpenSSL in the FreeBSD base system / FreeBSD 14

Reply: Ed Maste : "Re: OpenSSL in the FreeBSD base system / FreeBSD 14"
In reply to: Ed Maste : "OpenSSL in the FreeBSD base system / FreeBSD 14"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Konstantin Belousov <kostikbel_at_gmail.com>
Date: Wed, 19 Apr 2023 22:08:42 UTC

On Wed, Apr 19, 2023 at 12:50:59PM -0400, Ed Maste wrote:
> A related issue is base system libraries that depend on OpenSSL would
> also need to be made private. This includes gssapi, heimdal, and
> libfetch.
Does ssh and pam in the base depend on the base openssl?
If yes, then it still leaks into the applications despite being private.

For instance,
/usr/lib/pam_ssh.so.6:
        libprivatessh.so.5 => /usr/lib/libprivatessh.so.5 (0x80148b000)
        libpam.so.6 => /usr/lib/libpam.so.6 (0x80154d000)
        libc.so.7 => /lib/libc.so.7 (0x801083000)
        libprivateldns.so.5 => /usr/lib/libprivateldns.so.5 (0x80155d000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x801e00000)