upstream commit

pledges ssh client:   - mux client: which is used when
 ControlMaster is in use.     will end with "stdio proc tty" (proc is to
 permit sending SIGWINCH to mux master on window resize)

  - client loop: several levels of pledging depending of your used options

ok deraadt@

Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b

1 files changed, 10 insertions, 1 deletions

diff --git a/mux.c b/mux.c
index d8e416262..a38746796 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.55 2015/10/15 23:51:40 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.56 2015/12/03 17:00:18 semarie Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -1851,6 +1851,9 @@ mux_client_request_session(int fd)
             mm_send_fd(fd, STDERR_FILENO) == -1)
                 fatal("%s: send fds failed", __func__);
 
+        if (pledge("stdio proc tty", NULL) == -1)
+                fatal("%s pledge(): %s", __func__, strerror(errno));
+
         debug3("%s: session request sent", __func__);
 
         /* Read their reply */
@@ -1996,6 +1999,9 @@ mux_client_request_stdio_fwd(int fd)
             mm_send_fd(fd, STDOUT_FILENO) == -1)
                 fatal("%s: send fds failed", __func__);
 
+        if (pledge("stdio proc tty", NULL) == -1)
+                fatal("%s pledge(): %s", __func__, strerror(errno));
+
         debug3("%s: stdio forward request sent", __func__);
 
         /* Read their reply */
@@ -2159,6 +2165,9 @@ muxclient(const char *path)
         }
         set_nonblock(sock);
 
+        if (pledge("stdio sendfd proc tty", NULL) == -1)
+                fatal("%s pledge(): %s", __func__, strerror(errno));
+
         if (mux_client_hello_exchange(sock) != 0) {
                 error("%s: master hello exchange failed", __func__);
                 close(sock);