[openssh-commits] [openssh] 01/04: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Jan 7 20:13:39 AEDT 2016


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f
Author: semarie at openbsd.org <semarie at openbsd.org>
Date:   Sat Dec 26 07:46:03 2015 +0000

    upstream commit
    
    adjust pledge promises for ControlMaster: when using
     "ask" or "autoask", the process will use ssh-askpass for asking confirmation.
    
    problem found by halex@
    
    ok halex@
    
    Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
---
 clientloop.c | 18 +++++++++---------
 mux.c        | 11 ++++-------
 2 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index e6e1a56..f555451 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.277 2015/12/03 17:00:18 semarie Exp $ */
+/* $OpenBSD: clientloop.c,v 1.278 2015/12/26 07:46:03 semarie Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1485,7 +1485,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 
 	debug("Entering interactive session.");
 
-	if (options.forward_x11 || options.permit_local_command) {
+	if (options.control_master &&
+	    ! option_clear_or_none(options.control_path)) {
+		debug("pledge: id");
+		if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty",
+		    NULL) == -1)
+			fatal("%s pledge(): %s", __func__, strerror(errno));
+
+	} else if (options.forward_x11 || options.permit_local_command) {
 		debug("pledge: exec");
 		if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
 		    NULL) == -1)
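Review bot: The new first branch grants `proc exec id` (plus `rpath wpath`) for every non-zero `options.control_master` with a control path, although the commit message ties the need to the "ask" and "autoask" modes, where ssh-askpass is spawned. If the plain master modes never need to exec anything, the test could be narrowed to `SSHCTL_MASTER_ASK` and `SSHCTL_MASTER_AUTO_ASK` so that other masters keep a tighter promise set; that depends on what a master does on behalf of mux clients, which this hunk does not show. Either way a comment on the branch would help, e.g. `/* ControlMaster may spawn ssh-askpass to confirm: needs proc, exec and id */`, since `debug("pledge: id")` says little about why this set was chosen. client_loop() begins and ends outside the hunk.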
@@ -1502,13 +1509,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 		if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
 			fatal("%s pledge(): %s", __func__, strerror(errno));
 
-	} else if (options.control_master &&
-	    ! option_clear_or_none(options.control_path)) {
-		debug("pledge: filesystem create");
-		if (pledge("stdio cpath unix inet dns tty",
-		    NULL) == -1)
-			fatal("%s pledge(): %s", __func__, strerror(errno));
-
 	} else {
 		debug("pledge: network");
 		if (pledge("stdio unix inet dns tty", NULL) == -1)
diff --git a/mux.c b/mux.c
index a387467..0970449 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.56 2015/12/03 17:00:18 semarie Exp $ */
+/* $OpenBSD: mux.c,v 1.57 2015/12/26 07:46:03 semarie Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm at openbsd.org>
  *
@@ -1851,9 +1851,6 @@ mux_client_request_session(int fd)
 	    mm_send_fd(fd, STDERR_FILENO) == -1)
 		fatal("%s: send fds failed", __func__);
 
-	if (pledge("stdio proc tty", NULL) == -1)
-		fatal("%s pledge(): %s", __func__, strerror(errno));
-
 	debug3("%s: session request sent", __func__);
 
 	/* Read their reply */
@@ -1892,6 +1889,9 @@ mux_client_request_session(int fd)
 	}
 	muxclient_request_id++;
 
+	if (pledge("stdio proc tty", NULL) == -1)
+		fatal("%s pledge(): %s", __func__, strerror(errno));
+
 	signal(SIGHUP, control_client_sighandler);
 	signal(SIGINT, control_client_sighandler);
 	signal(SIGTERM, control_client_sighandler);
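Review bot: Moving the `pledge("stdio proc tty", NULL)` call below the reply handling means the code that reads and parses the master's reply now runs under whatever promises were in force before. The muxclient() hunk further down also removes the earlier `stdio sendfd proc tty` pledge, so nothing in the visible lines narrows the process before it talks to the master. The commit message explains the clientloop.c change but not this one, so a comment above the call would help, e.g. `/* pledge only once the master has accepted the session; earlier failure paths still need the wider set */`, if that is indeed the reason. mux_client_request_session() starts and ends outside the hunk.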
@@ -2165,9 +2165,6 @@ muxclient(const char *path)
 	}
 	set_nonblock(sock);
 
-	if (pledge("stdio sendfd proc tty", NULL) == -1)
-		fatal("%s pledge(): %s", __func__, strerror(errno));
-
 	if (mux_client_hello_exchange(sock) != 0) {
 		error("%s: master hello exchange failed", __func__);
 		close(sock);
