upstream commit

adjust pledge promises for ControlMaster: when using
 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.

problem found by halex@

ok halex@

Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80

diff --git a/clientloop.c b/clientloop.c
index e6e1a5657a34fc0ae56570bee7d4ea8f823ae35a..f55545194055d9f382d01e7b4f4aabf8cdde6c7a 100644 (file)
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.277 2015/12/03 17:00:18 semarie Exp $ */
+/* $OpenBSD: clientloop.c,v 1.278 2015/12/26 07:46:03 semarie Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1485,7 +1485,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 
        debug("Entering interactive session.");
 
-       if (options.forward_x11 || options.permit_local_command) {
+       if (options.control_master &&
+           ! option_clear_or_none(options.control_path)) {
+               debug("pledge: id");
+               if (pledge("stdio rpath wpath cpath unix inet dns proc exec id tty",
+                   NULL) == -1)
+                       fatal("%s pledge(): %s", __func__, strerror(errno));
+
+       } else if (options.forward_x11 || options.permit_local_command) {
                debug("pledge: exec");
                if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
                    NULL) == -1)
@@ -1502,13 +1509,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
                        fatal("%s pledge(): %s", __func__, strerror(errno));
 
-       } else if (options.control_master &&
-           ! option_clear_or_none(options.control_path)) {
-               debug("pledge: filesystem create");
-               if (pledge("stdio cpath unix inet dns tty",
-                   NULL) == -1)
-                       fatal("%s pledge(): %s", __func__, strerror(errno));
-
        } else {
                debug("pledge: network");
                if (pledge("stdio unix inet dns tty", NULL) == -1)

diff --git a/mux.c b/mux.c
index a387467966764b1c51c80c85cea91f0c78de48d2..09704497f33264ee4c50854e174819475931937d 100644 (file)
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.56 2015/12/03 17:00:18 semarie Exp $ */
+/* $OpenBSD: mux.c,v 1.57 2015/12/26 07:46:03 semarie Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -1851,9 +1851,6 @@ mux_client_request_session(int fd)
            mm_send_fd(fd, STDERR_FILENO) == -1)
                fatal("%s: send fds failed", __func__);
 
-       if (pledge("stdio proc tty", NULL) == -1)
-               fatal("%s pledge(): %s", __func__, strerror(errno));
-
        debug3("%s: session request sent", __func__);
 
        /* Read their reply */
@@ -1892,6 +1889,9 @@ mux_client_request_session(int fd)
        }
        muxclient_request_id++;
 
+       if (pledge("stdio proc tty", NULL) == -1)
+               fatal("%s pledge(): %s", __func__, strerror(errno));
+
        signal(SIGHUP, control_client_sighandler);
        signal(SIGINT, control_client_sighandler);
        signal(SIGTERM, control_client_sighandler);
@@ -2165,9 +2165,6 @@ muxclient(const char *path)
        }
        set_nonblock(sock);
 
-       if (pledge("stdio sendfd proc tty", NULL) == -1)
-               fatal("%s pledge(): %s", __func__, strerror(errno));
-
        if (mux_client_hello_exchange(sock) != 0) {
                error("%s: master hello exchange failed", __func__);
                close(sock);