OpenBSD: pledge(2) image

author: June McEnroe <june@causal.agency> 2021-09-26 12:31:03 -0400
committer: June McEnroe <june@causal.agency> 2021-09-26 12:31:21 -0400
commit: 3e35eeb55dae066d6b616c0d7a84ade9d9df9c44 (patch)
tree: d85eaf4618ef25b3e0eb74aeb1db25ad6283759a
parent: OpenBSD: pledge(2) client (diff)
download: torus-3e35eeb55dae066d6b616c0d7a84ade9d9df9c44.tar.gz
torus-3e35eeb55dae066d6b616c0d7a84ade9d9df9c44.zip
1 files changed, 16 insertions, 1 deletions
diff --git a/image.c b/image.c
index d8fcbc7..5e7fee7 100644
--- a/image.c
+++ b/image.c
@@ -204,11 +204,16 @@ static int streamWrite(void *cookie, const char *buf, int len) {
 
 static void worker(void) {
 	struct kfcgi *fcgi;
-	enum kcgi_err error = khttp_fcgi_init(
+	int error = khttp_fcgi_init(
 		&fcgi, Keys, KeysLen, Pages, PagesLen, PageTile
 	);
 	if (error) errkcgi(EX_CONFIG, error, "khttp_fcgi_init");
 
+#ifdef __OpenBSD__
+	error = pledge("stdio recvfd", NULL);
+	if (error) err(EX_OSERR, "pledge");
+#endif
+
 	for (;;) {
 		struct kreq req;
 		error = khttp_fcgi_parse(fcgi, &req);
@@ -276,6 +281,16 @@ int main(int argc, char *argv[]) {
 	fontLoad(fontPath);
 	tilesMap(dataPath);
 
+#ifdef __OpenBSD__
+	if (kcgi) {
+		int error = pledge("stdio unix sendfd recvfd proc", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	} else {
+		int error = pledge("stdio", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	}
+#endif
+
 #ifdef __FreeBSD__
 	int error = cap_enter();
 	if (error) err(EX_OSERR, "cap_enter");
author	June McEnroe <june@causal.agency>	2021-09-26 12:31:03 -0400
committer	June McEnroe <june@causal.agency>	2021-09-26 12:31:21 -0400
commit	3e35eeb55dae066d6b616c0d7a84ade9d9df9c44 (patch)
tree	d85eaf4618ef25b3e0eb74aeb1db25ad6283759a
parent	OpenBSD: pledge(2) client (diff)
download	torus-3e35eeb55dae066d6b616c0d7a84ade9d9df9c44.tar.gz torus-3e35eeb55dae066d6b616c0d7a84ade9d9df9c44.zip