diff options
author | mestre@openbsd.org <mestre@openbsd.org> | 2019-07-24 08:57:00 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-07-30 15:06:27 +1000 |
commit | 7adf6c430d6fc17901e167bc0789d31638f5c2f8 (patch) | |
tree | e2895200df684948968c4119eddf1b0f7c71e2e3 | |
parent | 0e2fe18acc1da853a9120c2e9af68e8d05e6503e (diff) |
upstream: When using a combination of a Yubikey+GnuPG+remote
forwarding the gpg-agent (and options ControlMaster+RemoteForward in
ssh_config(5)) then the codepath taken will call mux_client_request_session
-> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath
then pledge(2) kills the process.
The solution is to add "sendfd" to pledge(2), which is not too bad considering
a little bit later we reduce pledge(2) to only "stdio proc tty" in that
codepath.
Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
OK deraadt@
OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
-rw-r--r-- | clientloop.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/clientloop.c b/clientloop.c index 7f32871f8..b5a1f7038 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.326 2019/06/28 13:35:04 deraadt Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.327 2019/07/24 08:57:00 mestre Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1251,7 +1251,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, | |||
1251 | if (options.control_master && | 1251 | if (options.control_master && |
1252 | !option_clear_or_none(options.control_path)) { | 1252 | !option_clear_or_none(options.control_path)) { |
1253 | debug("pledge: id"); | 1253 | debug("pledge: id"); |
1254 | if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty", | 1254 | if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty", |
1255 | NULL) == -1) | 1255 | NULL) == -1) |
1256 | fatal("%s pledge(): %s", __func__, strerror(errno)); | 1256 | fatal("%s pledge(): %s", __func__, strerror(errno)); |
1257 | 1257 | ||