[openssh-commits] [openssh] 03/03: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Jul 23 13:24:26 AEST 2016


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 368dd977ae07afb93f4ecea23615128c95ab2b32
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Jul 23 02:54:08 2016 +0000

    upstream commit
    
    fix pledge violation with ssh -f; reported by Valentin
    Kozamernik ok dtucker@
    
    Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
---
 clientloop.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 2272f24..2c44f5d 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.285 2016/07/11 21:38:13 tb Exp $ */
+/* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -123,6 +123,9 @@ extern int stdin_null_flag;
 /* Flag indicating that no shell has been requested */
 extern int no_shell_flag;
 
+/* Flag indicating that ssh should daemonise after authentication is complete */
+extern int fork_after_authentication_flag;
+
 /* Control socket */
 extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
 
@@ -1510,7 +1513,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 	debug("Entering interactive session.");
 
 	if (options.control_master &&
-	    ! option_clear_or_none(options.control_path)) {
+	    !option_clear_or_none(options.control_path)) {
 		debug("pledge: id");
 		if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty",
 		    NULL) == -1)
@@ -1528,7 +1531,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 		    NULL) == -1)
 			fatal("%s pledge(): %s", __func__, strerror(errno));
 
-	} else if (! option_clear_or_none(options.proxy_command)) {
+	} else if (!option_clear_or_none(options.proxy_command) ||
+	    fork_after_authentication_flag) {
 		debug("pledge: proc");
 		if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
 			fatal("%s pledge(): %s", __func__, strerror(errno));

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list