From e238645d789cd7eb47541b66aea2a887ea122c9b Mon Sep 17 00:00:00 2001 From: "mestre@openbsd.org" Date: Fri, 23 Jun 2017 07:24:48 +0000 Subject: [PATCH] upstream commit When using the escape sequence &~ the code path is client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() and the pledge for this path lacks the proc promise and therefore aborts the process. The solution is to just add proc the promise to this specific pledge. Reported by Gregoire Jadi gjadi ! omecha.info Insight with tb@, OK jca@ Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b --- clientloop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clientloop.c b/clientloop.c index 612838376..b6443ced8 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.299 2017/05/31 09:15:42 deraadt Exp $ */ +/* $OpenBSD: clientloop.c,v 1.300 2017/06/23 07:24:48 mestre Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1255,7 +1255,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) } else { debug("pledge: network"); - if (pledge("stdio unix inet dns tty", NULL) == -1) + if (pledge("stdio unix inet dns proc tty", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); }