[openssh-commits] [openssh] 01/02: upstream: repair ssh-keysign after pledge changes; spotted/tested

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 443616ce9070d370c97271347e91fcfd24b5df84
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Thu Mar 19 02:36:28 2026 +0000

    upstream: repair ssh-keysign after pledge changes; spotted/tested
    
    by naddy@ ok deraadt@
    
    OpenBSD-Commit-ID: fccc6c7994c8f45c4417efe490d23154d9caaa6d
---
 ssh-keysign.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 167141c55..6cfa51102 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.79 2025/11/13 10:35:14 dtucker Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.80 2026/03/19 02:36:28 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -185,9 +185,6 @@ main(int argc, char **argv)
 	char *host, *fp, *pkalg;
 	size_t slen, dlen;
 
-	if (pledge("stdio rpath getpw dns id", NULL) != 0)
-		fatal("%s: pledge: %s", __progname, strerror(errno));
-
 	/* Ensure that stdin and stdout are connected */
 	if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
 		exit(1);
@@ -195,6 +192,9 @@ main(int argc, char **argv)
 	if (fd > 2)
 		close(fd);
 
+	if (pledge("stdio rpath getpw dns id", NULL) != 0)
+		fatal("%s: pledge: %s", __progname, strerror(errno));
+
 	for (i = 0; i < NUM_KEYTYPES; i++)
 		key_fd[i] = -1;
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.