From: Damien Miller <djm@mindrot.org>
Date: Mon, 18 Aug 2025 06:45:15 +0000 (+1000)
Subject: check for setsockopt IP_TOS in OpenBSD pledge
X-Git-Tag: V_10_1_P1~146
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9184fa363687fcb5dac056b093fb3b8e9d327242;p=thirdparty%2Fopenssh-portable.git

check for setsockopt IP_TOS in OpenBSD pledge

OpenBSD has recently relaxed the pledge(2) sandbox to allow some
setsockopt options to be changed without the "inet" promise.

This adds compatibility for OpenBSD that predates this relaxation.
---

diff --git a/clientloop.c b/clientloop.c
index b9a010414..577771f06 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -975,11 +975,11 @@ client_repledge(void)
 	} else if (options.forward_agent != 0) {
 		/* agent forwarding needs to open $SSH_AUTH_SOCK at will */
 		debug("pledge: agent");
-		if (pledge("stdio unix proc tty", NULL) == -1)
+		if (pledge(PLEDGE_EXTRA_INET "stdio unix proc tty", NULL) == -1)
 			fatal_f("pledge(): %s", strerror(errno));
 	} else {
 		debug("pledge: fork");
-		if (pledge("stdio proc tty", NULL) == -1)
+		if (pledge(PLEDGE_EXTRA_INET "stdio proc tty", NULL) == -1)
 			fatal_f("pledge(): %s", strerror(errno));
 	}
 	/* XXX further things to do:
diff --git a/configure.ac b/configure.ac
index 460ebd3b4..bc1900af7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1128,6 +1128,35 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
 	    [syslog_r function is safe to use in in a signal handler])
 	TEST_MALLOC_OPTIONS="SJRU"
+	AC_MSG_CHECKING([whether pledge(2) allows IP_TOS])
+	need_pledge_inet=""
+	AC_RUN_IFELSE(
+	    [AC_LANG_PROGRAM([[
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <err.h>
+	    ]], [[
+int s, one = 1;
+if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
+	err(1, "socket");
+if (pledge("stdio", NULL) == -1)
+	err(1, "pledge");
+if (setsockopt(s, IPPROTO_IP, IP_TOS, &one, sizeof(one)) == -1)
+	err(1, "setsockopt");
+	    ]])],
+	    [ AC_MSG_RESULT([yes]) ], [
+		AC_MSG_RESULT([no])
+		need_pledge_inet=1
+	    ],
+	    [ AC_MSG_WARN([cross compiling: cannot test]) ])
+	if test -z "$need_pledge_inet" ; then
+		AC_DEFINE_UNQUOTED([PLEDGE_EXTRA_INET], [])
+	else
+		AC_DEFINE_UNQUOTED([PLEDGE_EXTRA_INET], ["inet "],
+			[need inet in pledge for setsockopt IP_TOS])
+	fi
 	;;
 *-*-solaris*)
 	if test "x$withval" != "xno" ; then