| Summary: | Warnings from reading moduli file, refer to primes file | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Dimitri John Ledkov <xnox> | ||||||
| Component: | sshd | Assignee: | Darren Tucker <dtucker> | ||||||
| Status: | CLOSED FIXED | ||||||||
| Severity: | enhancement | CC: | djm, dtucker, mindrot | ||||||
| Priority: | P5 | ||||||||
| Version: | 7.2p1 | ||||||||
| Hardware: | Other | ||||||||
| OS: | Linux | ||||||||
| Bug Depends on: | |||||||||
| Bug Blocks: | 2543 | ||||||||
| Attachments: |
|
||||||||
diff looks ok, however the "primes" file was deprecated in 2001:
$ cvs log dh.c
[...]
revision 1.15
date: 2001/06/22 21:27:07; author: provos; state: Exp; lines: +4 -4;
use /etc/moduli instead of /etc/primes, okay markus@
so I suspect we'd be better off just removing the fallback. If you haven't updated in 15 years then logging a warning and falling back to the built-in groups is the least of your problems.
While there:
logit("WARNING: %s does not exist, using fixed modulus", moduli_path);
While being missing is the most likely reason the open failed, it's not the only one. While we're making it more accurate we should include the real reason too.
Created attachment 2802 [details]
Remove /etc/primes fallback and fix moduli log messages
patch applied and will be in 7.3. Thanks. Close all resolved bugs after 7.3p1 release |
Created attachment 2801 [details] moduli-primes-warnings.patch Warnings about lack of moduli & primes files, refer to primes location only. Ditto, failing to find suitable prime in "moduli" file emits a warning that "no suitable primes" in "primes" file. Attached patch keeps track of which file was opened moduli or primes, and correctly emits appropriate warnings.