From 368dd977ae07afb93f4ecea23615128c95ab2b32 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 23 Jul 2016 02:54:08 +0000 Subject: upstream commit fix pledge violation with ssh -f; reported by Valentin Kozamernik ok dtucker@ Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa --- clientloop.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'clientloop.c') diff --git a/clientloop.c b/clientloop.c index 2272f24c..2c44f5d1 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.285 2016/07/11 21:38:13 tb Exp $ */ +/* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -123,6 +123,9 @@ extern int stdin_null_flag; /* Flag indicating that no shell has been requested */ extern int no_shell_flag; +/* Flag indicating that ssh should daemonise after authentication is complete */ +extern int fork_after_authentication_flag; + /* Control socket */ extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ @@ -1510,7 +1513,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) debug("Entering interactive session."); if (options.control_master && - ! option_clear_or_none(options.control_path)) { + !option_clear_or_none(options.control_path)) { debug("pledge: id"); if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty", NULL) == -1) @@ -1528,7 +1531,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); - } else if (! option_clear_or_none(options.proxy_command)) { + } else if (!option_clear_or_none(options.proxy_command) || + fork_after_authentication_flag) { debug("pledge: proc"); if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); -- cgit v1.2.3