diff options
author | deraadt@openbsd.org <deraadt@openbsd.org> | 2021-11-13 17:26:13 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-11-18 08:59:38 +1100 |
commit | 7c025c005550c86a40200a2bcdd355d09413d61a (patch) | |
tree | 69b9a8d2edb0118a9a050069637ebbf4b0186e6b | |
parent | 06acb04c20ee483fe4757bd12aec870cc4bb1076 (diff) | |
download | openssh-git-7c025c005550c86a40200a2bcdd355d09413d61a.tar.gz |
upstream: It really looks like pledge "stdio dns" is possible
earlier. Discussed with mestre
OpenBSD-Commit-ID: 610873de63a593e0ac7bbbcb7a0f2894d36f4c01
-rw-r--r-- | ssh-keysign.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index 8b3c9a29..6e118592 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.68 2021/11/10 06:25:08 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.69 2021/11/13 17:26:13 deraadt Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -215,6 +215,9 @@ main(int argc, char **argv) fatal("ssh-keysign not enabled in %s", _PATH_HOST_CONFIG_FILE); + if (pledge("stdio dns", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + for (i = found = 0; i < NUM_KEYTYPES; i++) { if (key_fd[i] != -1) found = 1; @@ -240,9 +243,6 @@ main(int argc, char **argv) if (!found) fatal("no hostkey found"); - if (pledge("stdio dns", NULL) != 0) - fatal("%s: pledge: %s", __progname, strerror(errno)); - if ((b = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __progname); if (ssh_msg_recv(STDIN_FILENO, b) < 0) |