CVSROOT:        /cvs
Module name:    src
Changes by:     mes...@cvs.openbsd.org  2019/07/24 02:57:00

Modified files:
        usr.bin/ssh    : clientloop.c 

Log message:
When using a combination of a Yubikey+GnuPG+remote forwarding the gpg-agent
(and options ControlMaster+RemoteForward in ssh_config(5)) then the codepath
taken will call mux_client_request_session -> mm_send_fd -> sendmsg(2). Since
sendmsg(2) is not allowed in that codepath then pledge(2) kills the process.

The solution is to add "sendfd" to pledge(2), which is not too bad considering
a little bit later we reduce pledge(2) to only "stdio proc tty" in that
codepath.

Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>

OK deraadt@
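
Added illustration, not part of the commit and not OpenSSH's code: a minimal sender that passes a descriptor with sendmsg(2) and SCM_RIGHTS, the operation the log message traces to mm_send_fd, showing where "sendfd" has to be held and where it can be dropped. The function names, the promise strings and the socketpair/pipe setup are assumptions made for the example; the pledge(2) calls are compiled only on OpenBSD.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Pass fd over a UNIX socket as SCM_RIGHTS ancillary data; on OpenBSD this
 * use of sendmsg(2) is what requires the "sendfd" promise. */
static int send_fd(int sock, int fd)
{
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    char byte = 0;                       /* one data byte carries the cmsg */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    struct cmsghdr *cmsg;

    memset(&u, 0, sizeof(u));
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof(u.buf);
    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Constructed demo (hypothetical name): send a pipe's read end across a
 * socketpair, then drop "sendfd". Returns 0 on success, -1 on error. */
int demo_send_then_narrow(void)
{
    int sv[2], p[2];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || pipe(p) == -1)
        return -1;
#ifdef __OpenBSD__
    /* Assumed promise set; without "sendfd" the send below is fatal. */
    if (pledge("stdio sendfd", NULL) == -1) return -1;
#endif
    if (send_fd(sv[0], p[0]) == -1) return -1;
#ifdef __OpenBSD__
    /* Promises can only shrink: give up fd passing once it is done. */
    if (pledge("stdio", NULL) == -1) return -1;
#endif
    close(sv[0]); close(sv[1]); close(p[0]); close(p[1]);
    return 0;
}

int main(void) { return demo_send_then_narrow() == 0 ? 0 : 1; }
```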
