upstream: It really looks like pledge "stdio dns" is possible

earlier. Discussed with mestre OpenBSD-Commit-ID: 610873de63a593e0ac7bbbcb7a0f2894d36f4c01
author: deraadt@openbsd.org <deraadt@openbsd.org> 2021-11-13 17:26:13 +0000
committer: Damien Miller <djm@mindrot.org> 2021-11-18 08:59:38 +1100
commit: 7c025c005550c86a40200a2bcdd355d09413d61a (patch)
tree: 69b9a8d2edb0118a9a050069637ebbf4b0186e6b
parent: 06acb04c20ee483fe4757bd12aec870cc4bb1076 (diff)
download: openssh-git-7c025c005550c86a40200a2bcdd355d09413d61a.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 8b3c9a29..6e118592 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.68 2021/11/10 06:25:08 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.69 2021/11/13 17:26:13 deraadt Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -215,6 +215,9 @@ main(int argc, char **argv)
 		fatal("ssh-keysign not enabled in %s",
 		    _PATH_HOST_CONFIG_FILE);
 
+	if (pledge("stdio dns", NULL) != 0)
+		fatal("%s: pledge: %s", __progname, strerror(errno));
+
 	for (i = found = 0; i < NUM_KEYTYPES; i++) {
 		if (key_fd[i] != -1)
 			found = 1;
@@ -240,9 +243,6 @@ main(int argc, char **argv)
 	if (!found)
 		fatal("no hostkey found");
 
-	if (pledge("stdio dns", NULL) != 0)
-		fatal("%s: pledge: %s", __progname, strerror(errno));
-
 	if ((b = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __progname);
 	if (ssh_msg_recv(STDIN_FILENO, b) < 0)
author	deraadt@openbsd.org <deraadt@openbsd.org>	2021-11-13 17:26:13 +0000
committer	Damien Miller <djm@mindrot.org>	2021-11-18 08:59:38 +1100
commit	7c025c005550c86a40200a2bcdd355d09413d61a (patch)
tree	69b9a8d2edb0118a9a050069637ebbf4b0186e6b
parent	06acb04c20ee483fe4757bd12aec870cc4bb1076 (diff)
download	openssh-git-7c025c005550c86a40200a2bcdd355d09413d61a.tar.gz