tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-03 20:14:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream commit

Browse Source 
adjust pledge promises for ControlMaster: when using
 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.

problem found by halex@

ok halex@

Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
This commit is contained in:
semarie@openbsd.org 2015-12-26 07:46:03 +00:00 committed by Damien Miller
parent 271df8185d
commit d7d2bc9504
2 changed files with 13 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.277 2015/12/03 17:00:18 semarie Exp $ */ /* $OpenBSD: clientloop.c,v 1.278 2015/12/26 07:46:03 semarie Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1485,7 +1485,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
debug("Entering interactive session."); debug("Entering interactive session.");
if (options.forward_x11 || options.permit_local_command) { if (options.control_master &&
! option_clear_or_none(options.control_path)) {
debug("pledge: id");
if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty",
NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno));
} else if (options.forward_x11 || options.permit_local_command) {
debug("pledge: exec"); debug("pledge: exec");
if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
NULL) == -1) NULL) == -1)
@ -1502,13 +1509,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno)); fatal("%s pledge(): %s", __func__, strerror(errno));
} else if (options.control_master &&
! option_clear_or_none(options.control_path)) {
debug("pledge: filesystem create");
if (pledge("stdio cpath unix inet dns tty",
NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno));
} else { } else {
debug("pledge: network"); debug("pledge: network");
if (pledge("stdio unix inet dns tty", NULL) == -1) if (pledge("stdio unix inet dns tty", NULL) == -1)

11
mux.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mux.c,v 1.56 2015/12/03 17:00:18 semarie Exp $ */ /* $OpenBSD: mux.c,v 1.57 2015/12/26 07:46:03 semarie Exp $ */
/* /*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
* *
@ -1851,9 +1851,6 @@ mux_client_request_session(int fd)
mm_send_fd(fd, STDERR_FILENO) == -1) mm_send_fd(fd, STDERR_FILENO) == -1)
fatal("%s: send fds failed", __func__); fatal("%s: send fds failed", __func__);
if (pledge("stdio proc tty", NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno));
debug3("%s: session request sent", __func__); debug3("%s: session request sent", __func__);
/* Read their reply */ /* Read their reply */
@ -1892,6 +1889,9 @@ mux_client_request_session(int fd)
} }
muxclient_request_id++; muxclient_request_id++;
if (pledge("stdio proc tty", NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno));
signal(SIGHUP, control_client_sighandler); signal(SIGHUP, control_client_sighandler);
signal(SIGINT, control_client_sighandler); signal(SIGINT, control_client_sighandler);
signal(SIGTERM, control_client_sighandler); signal(SIGTERM, control_client_sighandler);
@ -2165,9 +2165,6 @@ muxclient(const char *path)
} }
set_nonblock(sock); set_nonblock(sock);
if (pledge("stdio sendfd proc tty", NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno));
if (mux_client_hello_exchange(sock) != 0) { if (mux_client_hello_exchange(sock) != 0) {
error("%s: master hello exchange failed", __func__); error("%s: master hello exchange failed", __func__);
close(sock); close(sock);