diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-07-23 02:54:08 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-07-23 13:24:20 +1000 |
| commit | 368dd977ae07afb93f4ecea23615128c95ab2b32 (patch) | |
| tree | d9cd0363221507431fdc7c4008dfe87f38c1ff4b /clientloop.c | |
| parent | f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e (diff) | |
upstream commit
fix pledge violation with ssh -f; reported by Valentin
Kozamernik ok dtucker@
Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/clientloop.c b/clientloop.c index 2272f24cb..2c44f5d19 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.285 2016/07/11 21:38:13 tb Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -123,6 +123,9 @@ extern int stdin_null_flag; | |||
| 123 | /* Flag indicating that no shell has been requested */ | 123 | /* Flag indicating that no shell has been requested */ |
| 124 | extern int no_shell_flag; | 124 | extern int no_shell_flag; |
| 125 | 125 | ||
| 126 | /* Flag indicating that ssh should daemonise after authentication is complete */ | ||
| 127 | extern int fork_after_authentication_flag; | ||
| 128 | |||
| 126 | /* Control socket */ | 129 | /* Control socket */ |
| 127 | extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ | 130 | extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ |
| 128 | 131 | ||
| @@ -1510,7 +1513,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
| 1510 | debug("Entering interactive session."); | 1513 | debug("Entering interactive session."); |
| 1511 | 1514 | ||
| 1512 | if (options.control_master && | 1515 | if (options.control_master && |
| 1513 | ! option_clear_or_none(options.control_path)) { | 1516 | !option_clear_or_none(options.control_path)) { |
| 1514 | debug("pledge: id"); | 1517 | debug("pledge: id"); |
| 1515 | if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty", | 1518 | if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty", |
| 1516 | NULL) == -1) | 1519 | NULL) == -1) |
| @@ -1528,7 +1531,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
| 1528 | NULL) == -1) | 1531 | NULL) == -1) |
| 1529 | fatal("%s pledge(): %s", __func__, strerror(errno)); | 1532 | fatal("%s pledge(): %s", __func__, strerror(errno)); |
| 1530 | 1533 | ||
| 1531 | } else if (! option_clear_or_none(options.proxy_command)) { | 1534 | } else if (!option_clear_or_none(options.proxy_command) || |
| 1535 | fork_after_authentication_flag) { | ||
| 1532 | debug("pledge: proc"); | 1536 | debug("pledge: proc"); |
| 1533 | if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) | 1537 | if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) |
| 1534 | fatal("%s pledge(): %s", __func__, strerror(errno)); | 1538 | fatal("%s pledge(): %s", __func__, strerror(errno)); |