summary refs log tree commit diff
diff options
context:
space:
mode:
authorKlemens Nanni <klemens@posteo.de>2021-06-11 12:30:56 +0000
committerJune McEnroe <june@causal.agency>2021-06-11 12:51:00 -0400
commit4aa3da578692d53a65342114e65403e7233aa726 (patch)
treef98cd48e5a6dc58d792e6aacd5494dcc91ff093e
parentMatch gemini URLs (diff)
downloadcatgirl-4aa3da578692d53a65342114e65403e7233aa726.tar.gz
catgirl-4aa3da578692d53a65342114e65403e7233aa726.zip
OpenBSD: Hoist loading save file to drop filesystem read-access
After TLS cert/key files, the save file is the only file being read from;
do so before pleding and drop the "rpath" promise all together:  log files
will only be created and written to.
-rw-r--r--chat.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/chat.c b/chat.c
index 4f3c233..e01b511 100644
--- a/chat.c
+++ b/chat.c
@@ -276,6 +276,10 @@ int main(int argc, char *argv[]) {
 	ircConfig(insecure, trust, cert, priv);
 
 	uiInitEarly();
+	if (save) {
+		uiLoad(save);
+		atexit(exitSave);
+	}
 
 #ifdef __OpenBSD__
 	if (self.restricted) {
@@ -288,7 +292,7 @@ int main(int argc, char *argv[]) {
 
 	char promises[64] = "stdio tty";
 	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
-	if (save || logEnable) ptr = seprintf(ptr, end, " rpath wpath cpath");
+	if (save || logEnable) ptr = seprintf(ptr, end, " wpath cpath");
 	if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
 
 	char *promisesFinal = strdup(promises);
@@ -299,10 +303,6 @@ int main(int argc, char *argv[]) {
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
-	if (save) {
-		uiLoad(save);
-		atexit(exitSave);
-	}
 	uiShowID(Network);
 	uiFormat(
 		Network, Cold, NULL,