Valerie Bubb Fenwick wrote: > Hi gang - > > After Krishna pointed out the issues with my first fix wrt the -T option > to the elfsign command, I went back to the drawing board. This new fix > is more complicated, involving the introduction of a new library that > will *only* be linked to by kcfd (so that the interposition only happens > when kcfd is being used, and kcfd's address space is also separate from > the active invokations of other libraries like libpkcs11 or the elfsign > command, which prevents the issue I saw before). > ...
I have a design level comment. It seemed to me you agreed earlier with John Zolnowsky's suggestion about having the elfsign command continue to use openssl library since it is useful as a debug/diagnosis tool when kcfd is failing. Is this no longer the case? I don't feel strongly about this issue. But, then I haven't spent much time diagnosing kcfd issues either. -Krishna
