-rw-r--r--clientloop.c32
-rw-r--r--mux.c11
2 files changed, 41 insertions, 2 deletions
diff --git a/clientloop.c b/clientloop.c
index 1e05cba2e..e6e1a5657 100644
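--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
+/* $OpenBSD: clientloop.c,v 1.277 2015/12/03 17:00:18 semarie Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1485,6 +1485,36 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 
  debug("Entering interactive session.");
 
+ if (options.forward_x11 || options.permit_local_command) {
+ debug("pledge: exec");
+ if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (options.update_hostkeys) {
+ debug("pledge: filesystem full");
+ if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (! option_clear_or_none(options.proxy_command)) {
+ debug("pledge: proc");
+ if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (options.control_master &&
+ ! option_clear_or_none(options.control_path)) {
+ debug("pledge: filesystem create");
+ if (pledge("stdio cpath unix inet dns tty",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else {
+ debug("pledge: network");
+ if (pledge("stdio unix inet dns tty", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+ }
+
  start_time = get_current_time();
 
  /* Initialize variables. */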
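Review bot: The control-master branch (new lines 1505-1510) pledges `"stdio cpath unix inet dns tty"` with no `recvfd`, while the mux.c part of this commit shows mux clients handing their stdio descriptors over with `mm_send_fd`. If the master accepts those descriptors inside this loop (the receiving side is not visible here, so this needs confirming), the first multiplexed session would kill the master on a pledge violation. In that case `recvfd` belongs in that string and in the three branches above it, since a master can match those first. The `else if` chain also depends on each branch being a superset of the ones below it, because only the first match applies; a comment above the chain such as `/* first match wins: each branch must include every promise of the branches below it */` would protect that invariant. client_loop's body starts and ends outside the hunk.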
diff --git a/mux.c b/mux.c
index d8e416262..a38746796 100644
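--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.55 2015/10/15 23:51:40 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.56 2015/12/03 17:00:18 semarie Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -1851,6 +1851,9 @@ mux_client_request_session(int fd)
  mm_send_fd(fd, STDERR_FILENO) == -1)
  fatal("%s: send fds failed", __func__);
 
+ if (pledge("stdio proc tty", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
  debug3("%s: session request sent", __func__);
 
  /* Read their reply */
@@ -1996,6 +1999,9 @@ mux_client_request_stdio_fwd(int fd)
  mm_send_fd(fd, STDOUT_FILENO) == -1)
  fatal("%s: send fds failed", __func__);
 
+ if (pledge("stdio proc tty", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
  debug3("%s: stdio forward request sent", __func__);
 
  /* Read their reply */
@@ -2159,6 +2165,9 @@ muxclient(const char *path)
  }
  set_nonblock(sock);
 
+ if (pledge("stdio sendfd proc tty", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
  if (mux_client_hello_exchange(sock) != 0) {
  error("%s: master hello exchange failed", __func__);
  close(sock);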
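Review bot: None of the three added `pledge()` calls has a comment explaining its promise set, so the reasoning is only visible by comparing them: `muxclient` keeps `sendfd` for the later `mm_send_fd` calls, and the two request functions drop it once the descriptors are sent. I would add `/* descriptors passed to the master; sendfd no longer needed */` above the calls in `mux_client_request_session` and `mux_client_request_stdio_fwd`. `muxclient` should get a line noting that its set must stay a superset of every later pledge, because promises can only be reduced. The fatal text `"%s pledge(): %s"` also lacks the colon after the function name that the neighbouring `"%s: send fds failed"` uses; `"%s: pledge: %s"` would match. All three functions continue outside their hunks.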