author | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-12-26 07:46:04 +0000 |
---|---|---|
committer | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-12-26 07:46:04 +0000 |
commit | 37eb6fed7dcb7d2612d1f5cea29f02a1deebf0fd (patch) | |
tree | ec0611a1f39da5d06ad38afd599116b106bca9c0 | |
parent | 592e876af0df8fd7a6b430b66c5adb37d2272339 (diff) |
adjust pledge promises for ControlMaster: when using "ask" or "autoask", the process will use ssh-askpass for asking confirmation.
problem found by halex@
ok halex@
-rw-r--r-- | usr.bin/ssh/clientloop.c | 18 | ||||
-rw-r--r-- | usr.bin/ssh/mux.c | 11 |
2 files changed, 13 insertions, 16 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 318a3842376..394aeb9c528 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.277 2015/12/03 17:00:18 semarie Exp $ */ +/* $OpenBSD: clientloop.c,v 1.278 2015/12/26 07:46:03 semarie Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1473,7 +1473,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) debug("Entering interactive session."); - if (options.forward_x11 || options.permit_local_command) { + if (options.control_master && + ! option_clear_or_none(options.control_path)) { + debug("pledge: id"); + if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty", + NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + + } else if (options.forward_x11 || options.permit_local_command) { debug("pledge: exec"); if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", NULL) == -1) @@ -1490,13 +1497,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); - } else if (options.control_master && - ! option_clear_or_none(options.control_path)) { - debug("pledge: filesystem create"); - if (pledge("stdio cpath unix inet dns tty", - NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); - } else { debug("pledge: network"); if (pledge("stdio unix inet dns tty", NULL) == -1) diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c index 2cb0cdcc588..34fa30a45aa 100644 --- a/usr.bin/ssh/mux.c +++ b/usr.bin/ssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.56 2015/12/03 17:00:18 semarie Exp $ */ +/* $OpenBSD: mux.c,v 1.57 2015/12/26 07:46:03 semarie Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * 
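Review bot: The new first branch in client_loop() grants `rpath wpath cpath proc exec id` to every ControlMaster configuration that has a control path, while the commit message ties the need for ssh-askpass to the "ask" and "autoask" modes only. Because it is tested before the other branches, it also replaces the narrower promise sets they would have selected. If the remaining master modes never spawn a helper, gating this branch on the two confirmation modes would keep them on a smaller set; if they do need it, say so in a comment above the call, for example `/* master may exec ssh-askpass to confirm mux requests; keep proc, exec and id */`. Which operation in the helper path needs `id` is not visible here and should be confirmed; the function begins and ends outside the hunk.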
@@ -1832,9 +1832,6 @@ mux_client_request_session(int fd) mm_send_fd(fd, STDERR_FILENO) == -1) fatal("%s: send fds failed", __func__); - if (pledge("stdio proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); - debug3("%s: session request sent", __func__); /* Read their reply */ @@ -1873,6 +1870,9 @@ mux_client_request_session(int fd) } muxclient_request_id++; + if (pledge("stdio proc tty", NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + signal(SIGHUP, control_client_sighandler); signal(SIGINT, control_client_sighandler); signal(SIGTERM, control_client_sighandler); @@ -2145,9 +2145,6 @@ muxclient(const char *path) } set_nonblock(sock); - if (pledge("stdio sendfd proc tty", NULL) == -1) - fatal("%s pledge(): %s", __func__, strerror(errno)); - if (mux_client_hello_exchange(sock) != 0) { error("%s: master hello exchange failed", __func__); close(sock); |
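Review bot: The relocated `pledge("stdio proc tty", NULL)` in mux_client_request_session() has no comment saying why it now has to wait until the master's reply has been handled, and the earlier call in muxclient() (last hunk) is removed without a replacement. As a result the mux client runs the hello exchange and parses the session reply with no promises in force. Presumably the failure paths before this point return to code that needs more than these promises, but that is not visible in the hunk. A comment such as `/* pledge only after the master accepted the session; earlier failures return to the caller unrestricted */` would record the constraint and keep a later change from moving the call back up. The function body starts and ends outside the hunk.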