mirror of https://git.tukaani.org/xz.git
xz: Initialize the pledge(2) sandbox at the very beginning of main().
It feels better that the initializations are sandboxed too. They don't do anything that the pledge() call wouldn't allow.
This commit is contained in:
parent
49a59f6ca0
commit
026a5897c7
|
@ -142,6 +142,20 @@ read_name(const args_info *args)
|
||||||
int
|
int
|
||||||
main(int argc, char **argv)
|
main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
|
#ifdef HAVE_PLEDGE
|
||||||
|
// OpenBSD's pledge(2) sandbox
|
||||||
|
//
|
||||||
|
// Unconditionally enable sandboxing with fairly relaxed promises.
|
||||||
|
// This is still way better than having no sandbox at all. :-)
|
||||||
|
// More strict promises will be made later in file_io.c if possible.
|
||||||
|
if (pledge("stdio rpath wpath cpath fattr", "")) {
|
||||||
|
// Don't translate the string or use message_fatal() as
|
||||||
|
// those haven't been initialized yet.
|
||||||
|
fprintf(stderr, "%s: Failed to enable the sandbox\n", argv[0]);
|
||||||
|
return E_ERROR;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(_WIN32) && !defined(__CYGWIN__)
|
#if defined(_WIN32) && !defined(__CYGWIN__)
|
||||||
InitializeCriticalSection(&exit_status_cs);
|
InitializeCriticalSection(&exit_status_cs);
|
||||||
#endif
|
#endif
|
||||||
|
@ -163,19 +177,6 @@ main(int argc, char **argv)
|
||||||
// on the command line, thus this must be done before args_parse().
|
// on the command line, thus this must be done before args_parse().
|
||||||
hardware_init();
|
hardware_init();
|
||||||
|
|
||||||
#ifdef HAVE_PLEDGE
|
|
||||||
// OpenBSD's pledge() sandbox
|
|
||||||
//
|
|
||||||
// Unconditionally enable sandboxing with fairly relaxed promises.
|
|
||||||
// This is still way better than having no sandbox at all. :-)
|
|
||||||
// More strict promises will be made later in file_io.c if possible.
|
|
||||||
//
|
|
||||||
// This is done only after the above initializations
|
|
||||||
// as the error message needs locale support.
|
|
||||||
if (pledge("stdio rpath wpath cpath fattr", ""))
|
|
||||||
message_fatal(_("Failed to enable the sandbox"));
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// Parse the command line arguments and get an array of filenames.
|
// Parse the command line arguments and get an array of filenames.
|
||||||
// This doesn't return if something is wrong with the command line
|
// This doesn't return if something is wrong with the command line
|
||||||
// arguments. If there are no arguments, one filename ("-") is still
|
// arguments. If there are no arguments, one filename ("-") is still
|
||||||
|
|
Loading…
Reference in New Issue