Re: Pledge failure in nc(1)

2016-05-28 Thread Bob Beck
committed.. Thanks Anthony! On Sat, May 28, 2016 at 09:58:55PM +0200, Theo Buehler wrote: > On Sat, May 28, 2016 at 01:47:22PM -0600, Bob Beck wrote: > > Nice catch, and the right analysis.. Thanks Anthony. I think that can > > be committed > > > > ok tb@ > > > I don't think we will get away

Re: Pledge failure in nc(1)

2016-05-28 Thread Theo Buehler
On Sat, May 28, 2016 at 01:47:22PM -0600, Bob Beck wrote: > Nice catch, and the right analysis.. Thanks Anthony. I think that can > be committed > ok tb@ > I don't think we will get away from a bit of a maze there without > deprecating nc options, so > IMO this is fine. > > > On Sat, May 28,

Re: Pledge failure in nc(1)

2016-05-28 Thread Theo de Raadt
> When nc(1) tries to connect through an HTTP proxy that requires > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty" > fixes this problem, but you'll notice that the diff has a lot of nasty > branches. My failure to check Pflag when connecting over unix sockets > is not an

Re: Pledge failure in nc(1)

2016-05-28 Thread Bob Beck
Nice catch, and the right analysis.. Thanks Anthony. I think that can be committed I don't think we will get away from a bit of a maze there without deprecating nc options, so IMO this is fine. On Sat, May 28, 2016 at 12:36 PM, Anthony Coulter wrote: > When nc(1)

Pledge failure in nc(1)

2016-05-28 Thread Anthony Coulter
When nc(1) tries to connect through an HTTP proxy that requires authentication, nc calls readpassphrase(3) and aborts. Pledging "tty" fixes this problem, but you'll notice that the diff has a lot of nasty branches. My failure to check Pflag when connecting over unix sockets is not an oversight; nc