Hi,
I can confirm this issue, and the diff below seems to solve it for me.
Could you please test it and let us know if it works on your side?
Reason: In clientloop.c during client_loop() this function calls
client_simple_escape_filter() which then calls process_escapes() which in turn
fork()s the process. That being said, the pledge inside client_loop which
applies to this code path lacks the proc promise and therefore aborts ssh.
Index: clientloop.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
retrieving revision 1.299
diff -u -p -u -r1.299 clientloop.c
--- clientloop.c 31 May 2017 09:15:42 -0000 1.299
+++ clientloop.c 21 Jun 2017 10:14:26 -0000
@@ -1246,7 +1246,7 @@ client_loop(int have_pty, int escape_cha
} else {
debug("pledge: network");
- if (pledge("stdio unix inet dns tty", NULL) == -1)
+ if (pledge("stdio unix inet dns proc tty", NULL) == -1)
fatal("%s pledge(): %s", __func__, strerror(errno));
}
