diff options
| author | Klemens Nanni <kn@openbsd.org> | 2021-01-22 22:02:01 +0100 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-01-23 00:48:19 -0500 |
| commit | 837c9efce434acf75834fd9ef8a5a05c1fa61004 (patch) | |
| tree | 3973184ee3ddec00aa43cc015a650d17ae23eec6 | |
| parent | Drop network capability after ircConnect() (diff) | |
| download | catgirl-837c9efce434acf75834fd9ef8a5a05c1fa61004.tar.gz catgirl-837c9efce434acf75834fd9ef8a5a05c1fa61004.zip | |
Drop exec capability iff restricted
Nothing must be executed when running /copy, et al.
| -rw-r--r-- | chat.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/chat.c b/chat.c index bc035e3..b36223c 100644 --- a/chat.c +++ b/chat.c @@ -340,6 +340,13 @@ int main(int argc, char *argv[]) { fcntl(execPipe[1], F_SETFD, FD_CLOEXEC); } +#ifdef __OpenBSD__ + if (self.restricted) { + error = pledge("stdio rpath wpath cpath tty", NULL); + if (error) err(EX_OSERR, "pledge"); + } +#endif + struct pollfd fds[] = { { .events = POLLIN, .fd = STDIN_FILENO }, { .events = POLLIN, .fd = irc }, |