Shouldn't no-pinshared be the default?

Yann Ylavic ylavic.dev at gmail.com
Tue Mar 5 21:16:49 UTC 2019


On Tue, Mar 5, 2019 at 6:05 PM Tomas Mraz <tmraz at redhat.com> wrote:
>
> On Tue, 2019-03-05 at 16:00 +0100, Yann Ylavic wrote:
> > On Tue, Mar 5, 2019 at 2:47 PM Tomas Mraz <tmraz at redhat.com> wrote:
> > >
> > Why? Distros know better than the applications they run?
>
> They actually do, because applications cannot really know what's deep in
> the chain of loaded shared libraries - for example getpwnam() can load
> libnss_ldap which can load libldap which can load libssl. And the
> application has no idea about what is your nsswitch.conf config.

Who would do that seriously, configure a non-local User for httpd, and
read it (as root) preferably from a remote LDAP??
No, httpd shouldn't be run like this, and httpd developers know it
because they designed the root/main process with no other dependency
than the APR lib (both for portability and security reasons), and I'm
sure distros know it too.

Furthermore, if that scenario were a real use case, it'd mean that
libldap could initialize openssl with no regard to httpd needs,
possibly no-op'ing further OPENSSL_init_*() calls with its own
arbitrary init option (e.g. OPENSSL_INIT_[NO_]LOAD_CONFIG), while the
application really is httpd here (I'm sure openldap uses minimal init,
but since we are talking hypothetically..).

So really, please let standalone applications precisely alone and
choose what's best for them for their lifetime.

>
> > Since we are here, why OPENSSL_cleanup() exists and is public in the
> > first place, and why no-pinshared or OPENSSL_INIT_NO_ATEXIT?
>
> Yes, having the public OPENSSL_cleanup() to be anything else than no-op
> is probably a mistake.

We'll probably agree to disagree here..

Regards,
Yann.
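Added example (not part of this thread, and not code from OpenSSL, httpd or any of the posters): a small C program that makes the "hidden dependency" argument above observable. It assumes a Linux system where /proc/self/maps lists the process's mappings and where getpwnam() goes through glibc NSS; it snapshots which shared objects are mapped before and after one lookup, so a process can see for itself whether something down the nsswitch.conf chain (libnss_ldap -> libldap -> libssl, in the scenario quoted) pulled in OpenSSL behind its back. The lookup of the user "root" is just a sample input.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/*
 * Count the distinct files mapped into this process (per /proc/self/maps)
 * whose path contains `needle`; a NULL needle counts every mapped file.
 * Returns -1 when /proc/self/maps cannot be opened (non-Linux system).
 */
int count_mapped_objects(const char *needle)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps)
        return -1;

    static char seen[256][512];   /* distinct paths already counted */
    int nseen = 0, count = 0;
    char line[1024];

    while (fgets(line, sizeof line, maps)) {
        /* A maps line: start-end perms offset dev inode [pathname] */
        char *path = strchr(line, '/');
        if (!path)
            continue;                       /* anonymous, [heap], [vdso], ... */
        path[strcspn(path, "\n")] = '\0';

        int dup = 0;
        for (int i = 0; i < nseen && !dup; i++)
            dup = (strcmp(seen[i], path) == 0);
        if (dup)
            continue;                       /* another segment of a file we saw */
        if (nseen < 256)
            snprintf(seen[nseen++], sizeof seen[0], "%s", path);

        if (!needle || strstr(path, needle)) {
            count++;
            if (needle)
                printf("  mapped: %s\n", path);
        }
    }
    fclose(maps);
    return count;
}

/*
 * Returns 1 if libssl or libcrypto became mapped as a side effect of a
 * single NSS user lookup, 0 otherwise. The lookup itself dlopen()s whatever
 * modules nsswitch.conf names (files, ldap, sss, ...), which is exactly the
 * chain the application never asked for and cannot see from its own code.
 */
int openssl_pulled_in_by_nss(void)
{
    int before = count_mapped_objects("libssl") + count_mapped_objects("libcrypto");
    getpwnam("root");                       /* sample lookup; result unused */
    int after = count_mapped_objects("libssl") + count_mapped_objects("libcrypto");
    return after > before;
}

int main(void)
{
    printf("mapped files before lookup: %d\n", count_mapped_objects(NULL));
    int pulled = openssl_pulled_in_by_nss();
    printf("mapped files after lookup:  %d\n", count_mapped_objects(NULL));
    printf("OpenSSL loaded by NSS lookup: %s\n", pulled ? "yes" : "no");
    return 0;
}
```

On a box whose nsswitch.conf only lists "files" the answer is "no", which is the httpd-style situation Yann describes; switch passwd to ldap or sss and the same binary, unchanged, may report "yes" and find OpenSSL already initialised by a library it never linked against. That is the ordering problem the OPENSSL_init_*() discussion is about: whichever library calls it first sets the options.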
