[openssh-commits] [openssh] 02/03: upstream: unveil the actual listening socket path and its directory

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 1bfe4ce37c3c531150b33d1a9d4dae6234028076
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Tue Apr 28 21:32:05 2026 +0000

    upstream: unveil the actual listening socket path and its directory
    
    so it can be cleaned up at exit.
    
    Reported by / tested by David Krause, ok markus@
    
    OpenBSD-Commit-ID: b45d740e9a63dec0fad436ed78f6912b39f0cd53
---
 ssh-agent.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ssh-agent.c b/ssh-agent.c
index c73abd1d0..b8cecd234 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.324 2026/03/10 07:27:14 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.325 2026/04/28 21:32:05 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2572,6 +2572,14 @@ skip:
 	sigaddset(&nsigset, SIGTERM);
 	sigaddset(&nsigset, SIGUSR1);
 
+	if (socket_name != NULL && unveil(socket_name, "c") == -1) {
+		fatal("%s: unveil %s %s", __progname, socket_name,
+		    strerror(errno));
+	}
+	if (*socket_dir != '\0' && unveil(socket_dir, "c") == -1) {
+		fatal("%s: unveil %s %s", __progname, socket_dir,
+		    strerror(errno));
+	}
 	if (unveil("/", "r") == -1)
 		fatal("%s: unveil /: %s", __progname, strerror(errno));
 	if ((ccp = getenv("SSH_SK_HELPER")) == NULL || *ccp == '\0')

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.