summary refs log tree commit diff
diff options
context:
space:
mode:
authorKlemens Nanni <kn@openbsd.org>2021-01-22 22:02:01 +0100
committerJune McEnroe <june@causal.agency>2021-01-23 00:48:19 -0500
commit837c9efce434acf75834fd9ef8a5a05c1fa61004 (patch)
tree3973184ee3ddec00aa43cc015a650d17ae23eec6
parentDrop network capability after ircConnect() (diff)
downloadcatgirl-837c9efce434acf75834fd9ef8a5a05c1fa61004.tar.gz
catgirl-837c9efce434acf75834fd9ef8a5a05c1fa61004.zip
Drop exec capability iff restricted
Nothing must be executed when running /copy, et al.
Diffstat
-rw-r--r--chat.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/chat.c b/chat.c
index bc035e3..b36223c 100644
--- a/chat.c
+++ b/chat.c
@@ -340,6 +340,13 @@ int main(int argc, char *argv[]) {
 		fcntl(execPipe[1], F_SETFD, FD_CLOEXEC);
 	}
 
+#ifdef __OpenBSD__
+	if (self.restricted) {
+		error = pledge("stdio rpath wpath cpath tty", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	}
+#endif
+
 	struct pollfd fds[] = {
 		{ .events = POLLIN, .fd = STDIN_FILENO },
 		{ .events = POLLIN, .fd = irc },
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-10-24 11:05:00 +0000
configureJune McEnroe 2021-08-21Zero local-key memory before freeing itJune McEnroe 2021-08-21Avoid overwriting manual AWAY messagesJune McEnroe 2021-08-20Replace verbose colors with two types of arrowsJune McEnroe 2021-08-20Explicitly clear TLS secrets after handshakeJune McEnroe 2021-08-20Handle TLS_WANT_POLL{IN,OUT} from tls_handshake(3) with serverJune McEnroe 2021-08-20Use "secure" libtls ciphersJune McEnroe 2021-07-08Use seprintf to build final 005June McEnroe 2021-06-19Fix LDADD.crypt on DarwinJune McEnroe 2021-06-18Add -m mode option to set user modesJune McEnroe 2021-06-18Document channel keys in join optionJune McEnroe 2021-06-18Use | to separate flags from config optionsJune McEnroe 2021-06-18Stop referring to server-time as IRCv3.2June McEnroe 2021-06-17Add mailing list archive to READMEJune McEnroe 2021-06-10Stop accumulating ISUPPORT tokens once MOTD startsJune McEnroe 2021-06-09Use seprintf for snip, removing strlcpynJune McEnroe 2021-06-09Use seprintf for reserializeJune McEnroe 2021-06-09Use seprintf for capListJune McEnroe 2021-06-09Add seprintfJune McEnroe 2021-05-27Add pounce-notify to README 2.4June McEnroe 2021-05-27Fix ENVIRONMENT formatting in pounce-notify(1)June McEnroe 2021-05-27Add note about Libera.Chat SASL-only rangesJune McEnroe 2021-05-25Add QUIRKS fileJune McEnroe 2021-05-19Replace freenode with tilde.chatJune McEnroe 2021-05-04notify: Reword pounce-notify manualJune McEnroe 2021-05-02Clean up Makefiles, configure scriptsJune McEnroe 2021-04-30palaver: Exit on getopt failureJune McEnroe 2021-04-30notify: Implement pounce-notifyJune McEnroe