From b91926a97620f3e51761c271ba57aa5db790f48d Mon Sep 17 00:00:00 2001 From: "semarie@openbsd.org" Date: Thu, 3 Dec 2015 17:00:18 +0000 Subject: upstream commit pledges ssh client: - mux client: which is used when ControlMaster is in use. will end with "stdio proc tty" (proc is to permit sending SIGWINCH to mux master on window resize) - client loop: several levels of pledging depending of your used options ok deraadt@ Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
---
 clientloop.c | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'clientloop.c')
diff --git a/clientloop.c b/clientloop.c
index 1e05cba2e..e6e1a5657 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
+/* $OpenBSD: clientloop.c,v 1.277 2015/12/03 17:00:18 semarie Exp $ */
 /*
  * Author: Tatu Ylonen
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1485,6 +1485,36 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 	debug("Entering interactive session.");
+	if (options.forward_x11 || options.permit_local_command) {
+		debug("pledge: exec");
+		if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
+		    NULL) == -1)
+			fatal("%s pledge(): %s", __func__, strerror(errno));
+
+	} else if (options.update_hostkeys) {
+		debug("pledge: filesystem full");
+		if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
+		    NULL) == -1)
+			fatal("%s pledge(): %s", __func__, strerror(errno));
+
+	} else if (! option_clear_or_none(options.proxy_command)) {
+		debug("pledge: proc");
+		if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
+			fatal("%s pledge(): %s", __func__, strerror(errno));
+
+	} else if (options.control_master &&
+	    ! option_clear_or_none(options.control_path)) {
+		debug("pledge: filesystem create");
+		if (pledge("stdio cpath unix inet dns tty",
+		    NULL) == -1)
+			fatal("%s pledge(): %s", __func__, strerror(errno));
+
+	} else {
+		debug("pledge: network");
+		if (pledge("stdio unix inet dns tty", NULL) == -1)
+			fatal("%s pledge(): %s", __func__, strerror(errno));
+	}
+
 	start_time = get_current_time();
 	/* Initialize variables. */
-- cgit v1.2.3
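Review bot: The `filesystem create` and `network` pledge sets in the last two branches drop `proc`, yet code paths still reachable from inside client_loop can fork: the `~&` escape backgrounds the client with fork() in process_escapes (outside this hunk), and the -f post-authentication fork can be deferred until after client_loop is entered when ExitOnForwardFailure waits for remote-forward confirmation — if that reading of the callers is right, hitting either path under these sets aborts ssh with SIGABRT instead of failing cleanly. The smallest safe fix is to keep `proc` in both lower sets, `pledge("stdio cpath unix inet dns proc tty", NULL)` and `pledge("stdio unix inet dns proc tty", NULL)`, and tighten again once those paths are confirmed unreachable. A comment above the chain would also help maintainers, because correctness depends on first-match ordering: `/* Ordered from most to least privileged; first match wins, so any option that can co-occur with a later one must have all of its promises covered by the earlier branch. */`. The rest of client_loop lies outside the hunk.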