Bug 157678 - ssh and ssh-keygen are needlessly linked with libselinux
ssh and ssh-keygen are needlessly linked with libselinux
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-13 13:42 EDT by Russell Coker
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: openssh-4.0p1-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-16 14:30:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Russell Coker 2005-05-13 13:42:30 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.0 (like Gecko)

Description of problem:
The ssh client and ssh-keygen do not have any SE Linux specific functionality  
and do not need to be linked to libselinux. 
 
The patch below removes this needless linking which as well as slightly 
reducing the program size and startup time also stops ssh-keygen from 
performing some operations that are not permitted by SE Linux policy. 
 
diff -rup openssh-4.0p1.orig/configure.ac openssh-4.0p1/configure.ac 
--- openssh-4.0p1.orig/configure.ac	2005-05-14 03:23:53.000000000 +1000 
+++ openssh-4.0p1/configure.ac	2005-05-14 03:27:34.000000000 +1000 
@@ -2376,15 +2376,17 @@ int main() 
  
 # Check whether user wants SELinux support 
 SELINUX_MSG="no" 
+SELIBS="" 
 AC_ARG_WITH(selinux, 
 	[  --with-selinux   Enable SELinux support], 
 	[ if test "x$withval" != "xno" ; then 
 		AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux 
support.]) 
 		SELINUX_MSG="yes" 
 		AC_CHECK_HEADERS(selinux.h) 
-		LIBS="$LIBS -lselinux" 
+		SELIBS=-lselinux 
 	fi 
 	]) 
+AC_SUBST(SELIBS) 
  
 # Check whether user wants Kerberos 5 support 
 KRB5_MSG="no" 
diff -rup openssh-4.0p1.orig/Makefile.in openssh-4.0p1/Makefile.in 
--- openssh-4.0p1.orig/Makefile.in	2005-05-14 03:23:53.000000000 +1000 
+++ openssh-4.0p1/Makefile.in	2005-05-14 03:28:16.000000000 +1000 
@@ -43,6 +43,7 @@ LD=@LD@ 
 CFLAGS=@CFLAGS@ 
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ 
 LIBS=@LIBS@ 
+SELIBS=@SELIBS@ 
 LIBEDIT=@LIBEDIT@ 
 LIBPAM=@LIBPAM@ 
 LIBWRAP=@LIBWRAP@ 
@@ -136,7 +137,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS 
 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
  
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS) 
-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) 
$(LIBPAM) $(LIBS) 
+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) 
$(LIBPAM) $(LIBS) $(SELIBS) 
  
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o 
 	$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat 
$(LIBS) 
 

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
run ldd on ssh and observe that it is linked to libselinux. 

Additional info:
Comment 1 Tomas Mraz 2005-05-16 14:30:29 EDT
Fixed, thank you.

Note You need to log in before you can comment on or make changes to this bug.