fix pledge violation with ssh -f; reported by Valentin Kozamernik

ok dtucker@

diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 6740964..8e32545 100644 (file)
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.285 2016/07/11 21:38:13 tb Exp $ */
+/* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -115,6 +115,9 @@ extern int stdin_null_flag;
 /* Flag indicating that no shell has been requested */
 extern int no_shell_flag;
 
+/* Flag indicating that ssh should daemonise after authentication is complete */
+extern int fork_after_authentication_flag;
+
 /* Control socket */
 extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
 
@@ -1498,7 +1501,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
        debug("Entering interactive session.");
 
        if (options.control_master &&
-           ! option_clear_or_none(options.control_path)) {
+           !option_clear_or_none(options.control_path)) {
                debug("pledge: id");
                if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty",
                    NULL) == -1)
@@ -1516,7 +1519,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                    NULL) == -1)
                        fatal("%s pledge(): %s", __func__, strerror(errno));
 
-       } else if (! option_clear_or_none(options.proxy_command)) {
+       } else if (!option_clear_or_none(options.proxy_command) ||
+           fork_after_authentication_flag) {
                debug("pledge: proc");
                if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
                        fatal("%s pledge(): %s", __func__, strerror(errno));