After some consideration, simply allow TIOCSCTTY in the "tty" pledge.

Discussion with nicm.

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index a5c996e..ea9af23 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.62 2015/10/20 18:04:03 deraadt Exp $        */
+/*     $OpenBSD: kern_pledge.c,v 1.63 2015/10/22 10:35:23 deraadt Exp $        */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1022,11 +1022,6 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
                            fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
                                return (0);
                        break;
-               case TIOCSCTTY:         /* tmux etc */
-                       if ((p->p_p->ps_pledge & PLEDGE_ID) &&
-                           fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
-                               return (0);
-                       break;
                case TIOCSPGRP:
                        if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0)
                                break;
@@ -1047,6 +1042,7 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
                case TIOCSETAW:         /* cu, ... */
                case TIOCSETAF:         /* tcsetattr TCSAFLUSH, script */
                case TIOCFLUSH:         /* getty */
+               case TIOCSCTTY:         /* forkpty(3), login_tty(3), ... */
                        if (fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
                                return (0);
                        break;