Mailing List Archive

[Bug 3597] New: Why do we check both nsession_ids and remote_add_provider when judging whether allow remote addition of FIDO/PKCS11 provider libraries is disabled?
https://bugzilla.mindrot.org/show_bug.cgi?id=3597

Bug ID: 3597
Summary: Why do we check both nsession_ids and
remote_add_provider when judging whether allow remote
addition of FIDO/PKCS11 provider libraries is
disabled?
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Windows 10
Status: NEW
Severity: trivial
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs@mindrot.org
Reporter: rmsh1216@163.com

Disallow remote addition of FIDO/PKCS11 provider libraries to ssh-agent
by default is introduced in the commit:
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a

In my opinion, it is unnecessary for us to check the value of
nsession_ids, because nsession_ids is used to count the number of the
connections which are opened via "session-bind@openssh.com" agent
extension.
```
	if (e->nsession_ids != 0 && !remote_add_provider) {
		verbose("failed add of SK provider \"%.100s\": "
		    "remote addition of providers is disabled",
		    sk_provider);
		goto out;
	}
```
Please tell me the reason.
Thanks a lot.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs