authorLasse Collin <lasse.collin@tukaani.org>2022-11-08 13:43:19 +0200
committerLasse Collin <lasse.collin@tukaani.org>2022-11-08 13:43:19 +0200
commit026a5897c72a2041ae08ceec54ce8b1cdeb51334 (patch)
tree23ddcb77bd6609f60f6670257f8fb1c094c349a3
parentxz: Extend --robot --info-memory output. (diff)
downloadxz-026a5897c72a2041ae08ceec54ce8b1cdeb51334.tar.xz
xz: Initialize the pledge(2) sandbox at the very beginning of main().
It feels better that the initializations are sandboxed too. They don't do anything that the pledge() call wouldn't allow.
-rw-r--r--src/xz/main.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/src/xz/main.c b/src/xz/main.c
index 63e1780c..c9c3deca 100644
--- a/src/xz/main.c
+++ b/src/xz/main.c
@@ -142,6 +142,20 @@ read_name(const args_info *args)
int
main(int argc, char **argv)
{
+#ifdef HAVE_PLEDGE
+ // OpenBSD's pledge(2) sandbox
+ //
+ // Unconditionally enable sandboxing with fairly relaxed promises.
+ // This is still way better than having no sandbox at all. :-)
+ // More strict promises will be made later in file_io.c if possible.
+ if (pledge("stdio rpath wpath cpath fattr", "")) {
+ // Don't translate the string or use message_fatal() as
+ // those haven't been initialized yet.
+ fprintf(stderr, "%s: Failed to enable the sandbox\n", argv[0]);
+ return E_ERROR;
+ }
+#endif
+
#if defined(_WIN32) && !defined(__CYGWIN__)
InitializeCriticalSection(&exit_status_cs);
#endif
@@ -163,19 +177,6 @@ main(int argc, char **argv)
// on the command line, thus this must be done before args_parse().
hardware_init();
-#ifdef HAVE_PLEDGE
- // OpenBSD's pledge() sandbox
- //
- // Unconditionally enable sandboxing with fairly relaxed promises.
- // This is still way better than having no sandbox at all. :-)
- // More strict promises will be made later in file_io.c if possible.
- //
- // This is done only after the above initializations
- // as the error message needs locale support.
- if (pledge("stdio rpath wpath cpath fattr", ""))
- message_fatal(_("Failed to enable the sandbox"));
-#endif
-
// Parse the command line arguments and get an array of filenames.
// This doesn't return if something is wrong with the command line
// arguments. If there are no arguments, one filename ("-") is still
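Review bot: In the first hunk the new failure path passes `argv[0]` straight to `%s`, but a program can be executed with an empty argument vector, in which case `argv[0]` is NULL and the `fprintf()` is undefined behaviour; the old `message_fatal()` path did not depend on argv at all. A small guard keeps the message safe on that path, e.g. `const char *progname = (argc > 0 && argv[0] != NULL) ? argv[0] : "xz";` followed by `fprintf(stderr, "%s: Failed to enable the sandbox\n", progname);`. It may also be worth appending `strerror(errno)` to the message so a failing pledge(2) is diagnosable, provided `<errno.h>` and `<string.h>` are already available in this file (not visible here). The second hunk only removes the earlier, locale-dependent placement of the same call, so it needs no separate change. main() continues past the end of both hunks.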