authorLasse Collin <lasse.collin@tukaani.org>2022-11-08 13:43:19 +0200
committerLasse Collin <lasse.collin@tukaani.org>2022-11-08 13:43:19 +0200
commit026a5897c72a2041ae08ceec54ce8b1cdeb51334 (patch)
tree23ddcb77bd6609f60f6670257f8fb1c094c349a3 /src/xz/main.c
parentxz: Extend --robot --info-memory output. (diff)
xz: Initialize the pledge(2) sandbox at the very beginning of main().
It feels better that the initializations are sandboxed too. They don't do anything that the pledge() call wouldn't allow.
Diffstat (limited to 'src/xz/main.c')
-rw-r--r--src/xz/main.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/src/xz/main.c b/src/xz/main.c
index 63e1780c..c9c3deca 100644
--- a/src/xz/main.c
+++ b/src/xz/main.c
@@ -142,6 +142,20 @@ read_name(const args_info *args)
int
main(int argc, char **argv)
{
+#ifdef HAVE_PLEDGE
+ // OpenBSD's pledge(2) sandbox
+ //
+ // Unconditionally enable sandboxing with fairly relaxed promises.
+ // This is still way better than having no sandbox at all. :-)
+ // More strict promises will be made later in file_io.c if possible.
+ if (pledge("stdio rpath wpath cpath fattr", "")) {
+ // Don't translate the string or use message_fatal() as
+ // those haven't been initialized yet.
+ fprintf(stderr, "%s: Failed to enable the sandbox\n", argv[0]);
+ return E_ERROR;
+ }
+#endif
+
#if defined(_WIN32) && !defined(__CYGWIN__)
InitializeCriticalSection(&exit_status_cs);
#endif
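Review bot: The failure path at `fprintf(stderr, "%s: Failed to enable the sandbox\n", argv[0]);` reads argv[0] before anything has checked argc, and a process can legitimately be started with an empty argument vector, in which case argv[0] is NULL and passing it to `%s` is undefined behavior; moving the pledge() call to the very top of main() means this now runs before any program-name setup the rest of main() presumably does. A local fallback keeps the message well-defined: `const char *name = (argc > 0 && argv[0] != NULL) ? argv[0] : "xz";` followed by `fprintf(stderr, "%s: Failed to enable the sandbox\n", name);`. Since message_fatal() is deliberately avoided here, it may also be worth appending `strerror(errno)` to the message so an operator can tell why the sandbox could not be enabled. The body of main() continues past the end of this hunk.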
@@ -163,19 +177,6 @@ main(int argc, char **argv)
// on the command line, thus this must be done before args_parse().
hardware_init();
-#ifdef HAVE_PLEDGE
- // OpenBSD's pledge() sandbox
- //
- // Unconditionally enable sandboxing with fairly relaxed promises.
- // This is still way better than having no sandbox at all. :-)
- // More strict promises will be made later in file_io.c if possible.
- //
- // This is done only after the above initializations
- // as the error message needs locale support.
- if (pledge("stdio rpath wpath cpath fattr", ""))
- message_fatal(_("Failed to enable the sandbox"));
-#endif
-
// Parse the command line arguments and get an array of filenames.
// This doesn't return if something is wrong with the command line
// arguments. If there are no arguments, one filename ("-") is still