From 1f51dfbad6710b28f244a8df6e5489c14e3c295b Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Mon, 1 Feb 2021 12:36:02 -0500
Subject: Drop pledge capabilities after binding and connecting

---
 bounce.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/bounce.c b/bounce.c
index 31ca4a6..d0bccfc 100644
--- a/bounce.c
+++ b/bounce.c
@@ -356,7 +356,7 @@ int main(int argc, char *argv[]) {
 	error = unveil(tls_default_ca_cert_file(), "r");
 	if (error) err(EX_OSFILE, "%s", tls_default_ca_cert_file());
 
-	error = pledge("stdio rpath wpath cpath inet flock unix dns recvfd", NULL);
+	error = pledge("stdio rpath wpath cpath flock inet dns unix recvfd", NULL);
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
@@ -423,6 +423,16 @@ int main(int argc, char *argv[]) {
 	serverConfig(insecure, trust, clientCert, clientPriv);
 	int server = serverConnect(serverBindHost, host, port);
 
+#ifdef __OpenBSD__
+	char promises[64];
+	snprintf(
+		promises, sizeof(promises), "stdio rpath inet%s",
+		(bindPath[0] ? " cpath unix recvfd" : "")
+	);
+	error = pledge(promises, NULL);
+	if (error) err(EX_OSERR, "pledge");
+#endif
+
 #ifdef __FreeBSD__
 	error = cap_enter();
 	if (error) err(EX_OSERR, "cap_enter");
-- 
cgit 1.4.1