https://bugzilla.mindrot.org/show_bug.cgi?id=2752
--- Comment #6 from ebarre...@linux.vnet.ibm.com --- (In reply to Damien Miller from comment #5) > Yeah, I agree. Would it be feasible to skip using the engines in the > pre-auth phase entirely? Hi Damien, We have on S390 two OpenSSL Engines, one more specific (is specific for one crypto card) and one more generic that works with different crypto card/devices. The first is openssl-ibmca and the last one openssl-ibmpkcs11. We already did some changes on the seccomp filter (openssh-7.5) for the ibmca engine, but the getuid and geteuid was missing as it was enabled on some distro's openssh package but not on others. Can we get the getuid and geteuid patch integrated for now? The other engine, ibmpkcs11, which needs the sysv ipc is not yet released and we can work on an alternative based on your feedback. This works for you? Thanks, Eduardo -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs