Kevin Kofler via devel wrote:
Dominique Martinet wrote:
> Before making each of these safer we should make sshd not link with so
> many things in the first place.
Indeed. E.g., Arch Linux does not transitively link sshd against liblzma.
Fedora does because of this innocuous-looking patch:
https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.4p1-s...
which is what ultimately allowed this to happen. This drags in libsystemd
for sd_notify, and libsystemd is linked to way too much stuff including
liblzma. Either we need a split libsdnotify that contains only sd_notify, or
we should just stop using sd_notify at all.
Upstream openssh-portable has a proposed patch which simply
implements the sdnotify protocol directly. That would
provide the benefits with none of the over-linking risk.
https://bugzilla.mindrot.org/show_bug.cgi?id=2641#c13
It could use some review from distro folks familiar with
sshd systemd integration.
(The wider point about splitting the sdnotify functionality
is still quite useful, to avoid everyone re-implementing the
same thing and possibly adding bugs in _that_ process.)
--
Todd