upstream: When using a combination of a Yubikey+GnuPG+remote

forwarding the gpg-agent (and options ControlMaster+RemoteForward in ssh_config(5)) then the codepath taken will call mux_client_request_session -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath then pledge(2) kills the process. The solution is to add "sendfd" to pledge(2), which is not too bad considering a little bit later we reduce pledge(2) to only "stdio proc tty" in that codepath. Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org> OK deraadt@ OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
author: mestre@openbsd.org <mestre@openbsd.org> 2019-07-24 08:57:00 +0000
committer: Damien Miller <djm@mindrot.org> 2019-07-30 15:06:27 +1000
commit: 7adf6c430d6fc17901e167bc0789d31638f5c2f8 (patch)
tree: e2895200df684948968c4119eddf1b0f7c71e2e3
parent: 0e2fe18acc1da853a9120c2e9af68e8d05e6503e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/clientloop.c b/clientloop.c
index 7f32871f8..b5a1f7038 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.326 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: clientloop.c,v 1.327 2019/07/24 08:57:00 mestre Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1251,7 +1251,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
        if (options.control_master &&
            !option_clear_or_none(options.control_path)) {
                debug("pledge: id");
-                if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty",
+                if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty",
                    NULL) == -1)
                        fatal("%s pledge(): %s", __func__, strerror(errno));
author	mestre@openbsd.org <mestre@openbsd.org>	2019-07-24 08:57:00 +0000
committer	Damien Miller <djm@mindrot.org>	2019-07-30 15:06:27 +1000
commit	7adf6c430d6fc17901e167bc0789d31638f5c2f8 (patch)
tree	e2895200df684948968c4119eddf1b0f7c71e2e3
parent	0e2fe18acc1da853a9120c2e9af68e8d05e6503e (diff)

diff --git a/clientloop.c b/clientloop.c index 7f32871f8..b5a1f7038 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: clientloop.c,v 1.326 2019/06/28 13:35:04 deraadt Exp $ */	1	/* $OpenBSD: clientloop.c,v 1.327 2019/07/24 08:57:00 mestre Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1251,7 +1251,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
1251	if (options.control_master &&	1251	if (options.control_master &&
1252	!option_clear_or_none(options.control_path)) {	1252	!option_clear_or_none(options.control_path)) {
1253	debug("pledge: id");	1253	debug("pledge: id");
1254	if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty",	1254	if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty",
1255	NULL) == -1)	1255	NULL) == -1)
1256	fatal("%s pledge(): %s", __func__, strerror(errno));	1256	fatal("%s pledge(): %s", __func__, strerror(errno));
1257		1257