cURL / Mailing Lists / curl-library / Single Mail


Re: Custom OpenSSL crypto engine not known to cURL

From: Camille Moncelier <>
Date: Thu, 1 Apr 2010 08:53:50 +0200

> I can think of arguments both for and against using the same name. But I'm
> curious in learning what the WORST is that could happen if an app wrongly
> would be made to load a config file (possibly by an inventive user). I'm
> really not into these details and I've not yet had any answers to these
> security-related concerns.

You could set up some _evil_ openssl engine and set init = 1 so
openssl try to initialize it automatically and TADA, (Bonus points if
the application is setuid root) :-)

Camille Moncelier
If Java had true garbage collection, most programs would
delete themselves upon execution.
List admin:
Received on 2010-04-01