From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Gunnar Beutner Date: Sat, 30 Apr 2022 10:58:10 +0000 Subject: [PATCH] Fix pledges to conform to serenity's pledge() Co-Authored-By: Patrick Meyer --- clientloop.c | 10 +++++----- ssh-keysign.c | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/clientloop.c b/clientloop.c index f8350e6..00bf4b6 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1227,31 +1227,31 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, if (options.control_master && !option_clear_or_none(options.control_path)) { debug("pledge: id"); - if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty", + if (pledge("stdio rpath wpath cpath unix inet recvfd sendfd proc exec id tty sigaction", NULL) == -1) fatal_f("pledge(): %s", strerror(errno)); } else if (options.forward_x11 || options.permit_local_command) { debug("pledge: exec"); - if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", + if (pledge("stdio rpath wpath cpath unix inet proc exec tty sigaction", NULL) == -1) fatal_f("pledge(): %s", strerror(errno)); } else if (options.update_hostkeys) { debug("pledge: filesystem"); - if (pledge("stdio rpath wpath cpath unix inet dns proc tty", + if (pledge("stdio rpath wpath cpath unix inet proc tty sigaction", NULL) == -1) fatal_f("pledge(): %s", strerror(errno)); } else if (!option_clear_or_none(options.proxy_command) || options.fork_after_authentication) { debug("pledge: proc"); - if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) + if (pledge("stdio cpath unix inet proc tty sigaction", NULL) == -1) fatal_f("pledge(): %s", strerror(errno)); } else { debug("pledge: network"); - if (pledge("stdio unix inet dns proc tty", NULL) == -1) + if (pledge("stdio unix inet proc tty sigaction", NULL) == -1) fatal_f("pledge(): %s", strerror(errno)); } diff --git a/ssh-keysign.c b/ssh-keysign.c index c52321e..9ae4dbf 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -187,7 +187,7 @@ main(int argc, char **argv) char *host, *fp, *pkalg; size_t slen, dlen; - if (pledge("stdio rpath getpw dns id", NULL) != 0) + if (pledge("stdio rpath id", NULL) != 0) fatal("%s: pledge: %s", __progname, strerror(errno)); /* Ensure that stdin and stdout are connected */ @@ -226,7 +226,7 @@ main(int argc, char **argv) fatal("ssh-keysign not enabled in %s", _PATH_HOST_CONFIG_FILE); - if (pledge("stdio dns", NULL) != 0) + if (pledge("stdio", NULL) != 0) fatal("%s: pledge: %s", __progname, strerror(errno)); for (i = found = 0; i < NUM_KEYTYPES; i++) {