diff options
| author | Klemens Nanni <klemens@posteo.de> | 2021-06-29 00:03:00 +0000 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-07-13 15:16:22 -0400 |
| commit | 5bfba6df528d2d57daac93708b0dca6360711a80 (patch) | |
| tree | 076a294571970b487a5e0a60c8ed770d50b1ded2 | |
| parent | OpenBSD: unveil logs regardless of restrict mode (diff) | |
| download | catgirl-5bfba6df528d2d57daac93708b0dca6360711a80.tar.gz catgirl-5bfba6df528d2d57daac93708b0dca6360711a80.zip | |
OpenBSD: merge unveil and pledge logic a bit
This reads somewhat clearer as code is grouped by features instead of security mechanisms by simply merging identical tests/conditions. No functional change.
| -rw-r--r-- | chat.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/chat.c b/chat.c index 0bdb69c..ab0678a 100644 --- a/chat.c +++ b/chat.c @@ -282,24 +282,23 @@ int main(int argc, char *argv[]) { } #ifdef __OpenBSD__ + char promises[64] = "stdio tty"; + char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)]; + if (log) { const char *logdir = dataMkdir("log"); int error = unveil(logdir, "wc"); if (error) err(EX_OSERR, "unveil"); + ptr = seprintf(ptr, end, " wpath cpath"); } if (!self.restricted) { int error = unveil("/", "x"); if (error) err(EX_OSERR, "unveil"); + ptr = seprintf(ptr, end, " proc exec"); } - char promises[64] = "stdio tty"; - char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)]; - if (log) ptr = seprintf(ptr, end, " wpath cpath"); - if (!self.restricted) ptr = seprintf(ptr, end, " proc exec"); - char *promisesInitial = ptr; - ptr = seprintf(ptr, end, " inet dns"); int error = pledge(promises, NULL); if (error) err(EX_OSERR, "pledge"); |