When using a combination of a Yubikey+GnuPG+remote forwarding the gpg-agent - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	mestre <mestre@openbsd.org>	2019-07-24 08:57:00 +0000
committer	mestre <mestre@openbsd.org>	2019-07-24 08:57:00 +0000
commit	f0e8b38887e769cab3f7a6db4f9ae7de2fab4e53 (patch)
tree	c5910101edbb11233972896a220f243341750b06 /sys/dev/pci/if_ipw.c
parent	Set athn(4) Tx descriptor fields which specify Tx power used for retries. (diff)
download	wireguard-openbsd-f0e8b38887e769cab3f7a6db4f9ae7de2fab4e53.tar.xz wireguard-openbsd-f0e8b38887e769cab3f7a6db4f9ae7de2fab4e53.zip

When using a combination of a Yubikey+GnuPG+remote forwarding the gpg-agent

(and options ControlMaster+RemoteForward in ssh_config(5)) then the codepath taken will call mux_client_request_session -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath then pledge(2) kills the process. The solution is to add "sendfd" to pledge(2), which is not too bad considering a little bit later we reduce pledge(2) to only "stdio proc tty" in that codepath. Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org> OK deraadt@

Diffstat (limited to 'sys/dev/pci/if_ipw.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: