Re: sshd dependancy to systemd and attack surface

On Sat, Mar 30, 2024 at 12:46:51PM +0100, Marc SCHAEFER wrote: > sshd has a dependancy to systemd, and thus includes a lot of libraries, > which augments its attack surface. libsystemd, not systemd. > The recent xz-utils issue [1] has lead to this post by someone suggesting > (with a patch,

Processed: Bug#1067243 marked as pending in openssh

Processing control commands: > tag -1 pending Bug #1067243 [src:openssh] openssh: please build without -fzero-call-used-regs=used on m68k Ignoring request to alter tags of bug #1067243 to the same tags previously set -- 1067243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067243 Debian

Re: Bug#1068017: util-linux: please ship liblastlog2 packages

On Sat, Mar 30, 2024 at 08:32:40AM +0100, Sven Joachim wrote: > >> So we could either put pam_lastlog2.so into a common-* file from > >> src:pam, or openssh and shadow should switch their setup. > >> What do we all think about that? > > pam should not be adding any modules to common-* that it

sshd dependancy to systemd and attack surface

Hello, sshd has a dependancy to systemd, and thus includes a lot of libraries, which augments its attack surface. The recent xz-utils issue [1] has lead to this post by someone suggesting (with a patch, apparently) to confine the sshd -> systemd dependancy in a subprocess [2]. Maybe you want to

Re: Bug#1068017: util-linux: please ship liblastlog2 packages

On 2024-03-29 20:36 -0700, Steve Langasek wrote: > On Sat, Mar 30, 2024 at 01:41:40AM +0100, Chris Hofstaedtler wrote: >> Hi OpenSSH, shadow Maintainers, >> >> On Sat, Mar 30, 2024 at 01:32:08AM +0100, Chris Hofstaedtler wrote: >> > On Fri, Mar 29, 2024 at 06:02:39PM +0100, Sven Joachim wrote: >>