OpenBSD: pledge(2) the genCert code path

author: June McEnroe <june@causal.agency> 2021-09-02 18:22:23 -0400
committer: June McEnroe <june@causal.agency> 2021-09-02 18:22:23 -0400
commit: 144c75363738965c70335217b6b6722a4a6c0b16 (patch)
tree: 9c4af4ebb06736b55ab1893115c8056d376fb5b8
parent: OpenBSD: pledge(2) the hashPass code path (diff)
download: pounce-144c75363738965c70335217b6b6722a4a6c0b16.tar.gz
pounce-144c75363738965c70335217b6b6722a4a6c0b16.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/bounce.c b/bounce.c
index d8e9b87..c6bd7b1 100644
--- a/bounce.c
+++ b/bounce.c
@@ -624,8 +624,14 @@ static void genCert(const char *path, const char *ca) {
 	int out = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
 	if (out < 0) err(EX_CANTCREAT, "%s", path);
 
+	int error;
+#ifdef __OpenBSD__
+	error = pledge("stdio proc exec", NULL);
+	if (error) err(EX_OSERR, "pledge");
+#endif
+
 	int rw[2];
-	int error = pipe(rw);
+	error = pipe(rw);
 	if (error) err(EX_OSERR, "pipe");
 
 	pid_t pid = fork();
author	June McEnroe <june@causal.agency>	2021-09-02 18:22:23 -0400
committer	June McEnroe <june@causal.agency>	2021-09-02 18:22:23 -0400
commit	144c75363738965c70335217b6b6722a4a6c0b16 (patch)
tree	9c4af4ebb06736b55ab1893115c8056d376fb5b8
parent	OpenBSD: pledge(2) the hashPass code path (diff)
download	pounce-144c75363738965c70335217b6b6722a4a6c0b16.tar.gz pounce-144c75363738965c70335217b6b6722a4a6c0b16.zip