Re: OpenSSL in the FreeBSD base system / FreeBSD 14
Date: Mon, 24 Apr 2023 17:06:14 UTC
On Wed, 19 Apr 2023 at 18:08, Konstantin Belousov <kostikbel@gmail.com> wrote:
>
> On Wed, Apr 19, 2023 at 12:50:59PM -0400, Ed Maste wrote:
> > A related issue is base system libraries that depend on OpenSSL would
> > also need to be made private. This includes gssapi, heimdal, and
> > libfetch.
> Do ssh and pam in the base depend on the base openssl?
> If yes, then it still leaks into the applications despite being private.

Yes, I see the following libraries which bring in libssl:

/usr/lib/libprivateldns.so.5
/usr/lib/libprivatessh.so.5
/usr/lib/libprivateunbound.so.5
/usr/lib/pam_ssh.so.6
/usr/lib/libfetch.so.6

and libcrypto (privatelibs excluded):

/lib/libzfsbootenv.so.1
/lib/libbe.so.1
/lib/libzfs.so.4
/usr/lib/pam_zfs_key.so.6
/usr/lib/libkafs5.so.11
/usr/lib/libgssapi_ntlm.so.10
/usr/lib/libarchive.so.7
/usr/lib/libkdc.so.11
/usr/lib/libradius.so.4
/usr/lib/libgssapi_krb5.so.10
/usr/lib/libkrb5.so.11
/usr/lib/libhx509.so.11
/usr/lib/pam_radius.so.6
/usr/lib/libssl.so.111
/usr/lib/libkadm5srv.so.11
/usr/lib/libkadm5clnt.so.11
/usr/lib/libhdb.so.11
/usr/lib/pam_ssh.so.6
/usr/lib/libheimntlm.so.11
/usr/lib/libfetch.so.6
/usr/lib/libmp.so.7
/usr/lib/pam_krb5.so.6
/usr/lib/libbsnmp.so.6
/usr/lib/pam_ksu.so.6

Baptiste reported elsewhere that libfetch's use in ports is very limited,
so it could easily be made into a private lib.
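
Added example, not part of the original message and not the method used to produce the lists above: one way to audit the "leak" concern is to follow DT_NEEDED entries transitively, so that a public library reaching libssl only through a private one is still reported. The `readelf -d` text, the dependency edges, `libexample.so.1` and the `libcrypto.so.111` soname are constructed assumptions.

```python
import re

# Matches NEEDED lines of `readelf -d`, with or without parentheses round the tag.
NEEDED_RE = re.compile(r"\(?NEEDED\)?\s+Shared library: \[([^\]]+)\]")

# Constructed, simplified sample (not a dump from a real system).
# libcrypto.so.111 is an assumed soname; libexample.so.1 is hypothetical.
SAMPLE = {
    "/usr/lib/pam_ssh.so.6":
        " 0x1 (NEEDED) Shared library: [libprivatessh.so.5]\n"
        " 0x1 (NEEDED) Shared library: [libc.so.7]\n",
    "/usr/lib/libprivatessh.so.5":
        " 0x1 (NEEDED) Shared library: [libssl.so.111]\n",
    "/usr/lib/libssl.so.111":
        " 0x1 (NEEDED) Shared library: [libcrypto.so.111]\n",
    "/usr/lib/libfetch.so.6":
        " 0x1 NEEDED Shared library: [libssl.so.111]\n",
    "/usr/lib/libexample.so.1":
        " 0x1 (NEEDED) Shared library: [libc.so.7]\n",
}

def build_graph(dumps):
    """Map each file's basename to the list of sonames it NEEDs."""
    return {p.rsplit("/", 1)[-1]: NEEDED_RE.findall(out)
            for p, out in dumps.items()}

def chain_to(graph, lib, target_prefix, seen=None):
    """Depth-first search: NEEDED chain from lib to the first soname that
    starts with target_prefix, or None if it is unreachable."""
    seen = set() if seen is None else seen
    if lib in seen:          # already explored (also guards against cycles)
        return None
    seen.add(lib)
    for dep in graph.get(lib, []):
        if dep.startswith(target_prefix):
            return [lib, dep]
        rest = chain_to(graph, dep, target_prefix, seen)
        if rest:
            return [lib] + rest
    return None

def public_exposure(dumps, target_prefix):
    """Non-private libraries that reach the target, with the chain that does it."""
    graph = build_graph(dumps)
    result = {}
    for lib in sorted(graph):
        if lib.startswith("libprivate") or lib.startswith(target_prefix):
            continue         # private libs and the target itself are not findings
        chain = chain_to(graph, lib, target_prefix)
        if chain:
            result[lib] = chain
    return result
```

On a real system the `SAMPLE` dictionary would be filled from `readelf -d` run over each shared object under `/lib` and `/usr/lib`.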