• 0 Posts
  • 7 Comments
Joined 1 year ago
Cake day: June 26th, 2023
  • metiulekm@sh.itjust.workstoLinux@lemmy.mlWhy is OpenSSL able to use a key file my user shouldn't have access to?English
    12·
    3 months ago

    It seems OP wanted to pass the file name to -k, but this parameter takes the password itself and not a filename:

           -k password
           The password to derive the key from. This is for compatibility with previous versions of OpenSSL. Superseded by the -pass argument.

    So, as I understand, the password would be not the first line of /etc/ssl/private/etcBackup.key, but the string /etc/ssl/private/etcBackup.key itself. It seems that -kfile /etc/ssl/private/etcBackup.key or -pass file:/etc/ssl/private/etcBackup.key is what OP wanted to use.

  • metiulekm@sh.itjust.workstoLinux@lemmy.mlX.Org & XWayland Hit By Four Security IssuesEnglish
    17·
    7 months ago

    My understanding is that all issues are patched in the mentioned releases, the config flag is not needed for that.

    The config flag has been added because supporting clients with different endianness is undertested and most people will never use it. So if it is going to generate vulnerabilities, it makes sense to be able to disable it easily, and to disable it by default on next major release. Indeed XWayland had it disabled by default already, so only the fourth issue (ProcRenderAddGlyphs) is relevant there if that default is not changed.