upstream commit

adjust pledge promises for ControlMaster: when using
 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.

problem found by halex@

ok halex@

Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80

1 files changed, 4 insertions, 7 deletions

diff --git a/mux.c b/mux.c
index a38746796..09704497f 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.56 2015/12/03 17:00:18 semarie Exp $ */
+/* $OpenBSD: mux.c,v 1.57 2015/12/26 07:46:03 semarie Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -1851,9 +1851,6 @@ mux_client_request_session(int fd)
             mm_send_fd(fd, STDERR_FILENO) == -1)
                 fatal("%s: send fds failed", __func__);
 
-        if (pledge("stdio proc tty", NULL) == -1)
-                fatal("%s pledge(): %s", __func__, strerror(errno));
-
         debug3("%s: session request sent", __func__);
 
         /* Read their reply */
@@ -1892,6 +1889,9 @@ mux_client_request_session(int fd)
         }
         muxclient_request_id++;
 
+        if (pledge("stdio proc tty", NULL) == -1)
+                fatal("%s pledge(): %s", __func__, strerror(errno));
+
         signal(SIGHUP, control_client_sighandler);
         signal(SIGINT, control_client_sighandler);
         signal(SIGTERM, control_client_sighandler);
@@ -2165,9 +2165,6 @@ muxclient(const char *path)
         }
         set_nonblock(sock);
 
-        if (pledge("stdio sendfd proc tty", NULL) == -1)
-                fatal("%s pledge(): %s", __func__, strerror(errno));
-
         if (mux_client_hello_exchange(sock) != 0) {
                 error("%s: master hello exchange failed", __func__);
                 close(sock);