]> git.ipfire.org Git - thirdparty/openssh-portable.git/commitdiff
projects / thirdparty / openssh-portable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4d90625)
upstream commit
authorderaadt@openbsd.org <deraadt@openbsd.org>
Fri, 27 Nov 2015 00:49:31 +0000 (00:49 +0000)
committerDamien Miller <djm@mindrot.org>
Sat, 28 Nov 2015 06:44:33 +0000 (17:44 +1100)
pledge "stdio rpath wpath cpath fattr tty proc exec"
 except for the -p option (which sadly has insane semantics...) ok semarie
 dtucker

Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059

scp.c patch | blob | blame | history

diff --git a/scp.c b/scp.c
index 842dc66a93af941b1aa03e7d75660deca80d05f6..0bdd7cb0b29d7177b5582db0793a66a82eb118f8 100644 (file)
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.183 2015/10/16 17:07:24 mmcc Exp $ */
+/* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -484,6 +484,16 @@ main(int argc, char **argv)
        if (!isatty(STDOUT_FILENO))
                showprogress = 0;
 
+       if (pflag) {
+               /* Cannot pledge: -p allows setuid/setgid files... */
+       } else {
+               if (pledge("stdio rpath wpath cpath fattr tty proc exec",
+                   NULL) == -1) {
+                       perror("pledge");
+                       exit(1);
+               }
+       }
+
        remin = STDIN_FILENO;
        remout = STDOUT_FILENO;
 
Mirror of https://github.com/openssh/openssh-portable.git