Grégoire Jadi <[email protected]> writes:

> On 06/21/17 12:16, Ricardo Mestre wrote:
>> Hi,
>> 
>> I can confirm this issue, and the diff below seems to solve it for me.
>> 
>> Could you please test it and let us know if it works on your side?
>
> It does fix the issue. Thank you.
>
>> 
>> Reason: In clientloop.c during client_loop() this function calls
>> client_simple_escape_filter() which then calls process_escapes() which in turn
>> fork()s the process. That being said, the pledge inside client_loop which
>> applies to this code path lacks the proc promise and therefore aborts ssh.

At first I couldn't reproduce the crash since I'm using "ControlMaster
auto". Since all the other pledge calls specify "proc", I don't think
it's a big drawback.  ok jca@

>> Index: clientloop.c
>> ===================================================================
>> RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
>> retrieving revision 1.299
>> diff -u -p -u -r1.299 clientloop.c
>> --- clientloop.c     31 May 2017 09:15:42 -0000      1.299
>> +++ clientloop.c     21 Jun 2017 10:14:26 -0000
>> @@ -1246,7 +1246,7 @@ client_loop(int have_pty, int escape_cha
>>  
>>      } else {
>>              debug("pledge: network");
>> -            if (pledge("stdio unix inet dns tty", NULL) == -1)
>> +            if (pledge("stdio unix inet dns proc tty", NULL) == -1)
>>                      fatal("%s pledge(): %s", __func__, strerror(errno));
>>      }
>> 
>> 
>
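
Review bot: the added pledge() line grants "proc" for the rest of client_loop() on this else branch, but nothing next to the call records why the promise is needed. A short comment above it, noting that process_escapes() fork()s when it handles an escape sequence, would keep a later tightening of the promise string from reintroducing the abort. The debug("pledge: network") line directly above is unchanged and no longer describes the promise set, so it is worth updating in the same change. If the escape filter is only installed when an escape character is configured, "proc" could also be limited to that case instead of being granted unconditionally.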

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
