diff options
| author | semarie@openbsd.org <semarie@openbsd.org> | 2015-12-26 07:46:03 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-01-07 20:13:31 +1100 |
| commit | d7d2bc95045a43dd56ea696cc1d030ac9d77e81f (patch) | |
| tree | 6b808b8a88af0008df485d5ec8dc4faffa9419ae /clientloop.c | |
| parent | 271df8185d9689b3fb0523f58514481b858f6843 (diff) | |
upstream commit
adjust pledge promises for ControlMaster: when using
"ask" or "autoask", the process will use ssh-askpass for asking confirmation.
problem found by halex@
ok halex@
Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
Diffstat (limited to 'clientloop.c')
| -rw-r--r-- | clientloop.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/clientloop.c b/clientloop.c index e6e1a5657..f55545194 100644 --- a/clientloop.c +++ b/clientloop.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: clientloop.c,v 1.277 2015/12/03 17:00:18 semarie Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.278 2015/12/26 07:46:03 semarie Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1485,7 +1485,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
| 1485 | 1485 | ||
| 1486 | debug("Entering interactive session."); | 1486 | debug("Entering interactive session."); |
| 1487 | 1487 | ||
| 1488 | if (options.forward_x11 || options.permit_local_command) { | 1488 | if (options.control_master && |
| 1489 | ! option_clear_or_none(options.control_path)) { | ||
| 1490 | debug("pledge: id"); | ||
| 1491 | if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty", | ||
| 1492 | NULL) == -1) | ||
| 1493 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
| 1494 | |||
| 1495 | } else if (options.forward_x11 || options.permit_local_command) { | ||
| 1489 | debug("pledge: exec"); | 1496 | debug("pledge: exec"); |
| 1490 | if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", | 1497 | if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", |
| 1491 | NULL) == -1) | 1498 | NULL) == -1) |
| @@ -1502,13 +1509,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
| 1502 | if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) | 1509 | if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) |
| 1503 | fatal("%s pledge(): %s", __func__, strerror(errno)); | 1510 | fatal("%s pledge(): %s", __func__, strerror(errno)); |
| 1504 | 1511 | ||
| 1505 | } else if (options.control_master && | ||
| 1506 | ! option_clear_or_none(options.control_path)) { | ||
| 1507 | debug("pledge: filesystem create"); | ||
| 1508 | if (pledge("stdio cpath unix inet dns tty", | ||
| 1509 | NULL) == -1) | ||
| 1510 | fatal("%s pledge(): %s", __func__, strerror(errno)); | ||
| 1511 | |||
| 1512 | } else { | 1512 | } else { |
| 1513 | debug("pledge: network"); | 1513 | debug("pledge: network"); |
| 1514 | if (pledge("stdio unix inet dns tty", NULL) == -1) | 1514 | if (pledge("stdio unix inet dns tty", NULL) == -1) |