diff options
| author | Klemens Nanni | 2021-01-22 22:02:01 +0100 |
|---|---|---|
| committer | C. McEnroe | 2021-01-23 00:48:19 -0500 |
| commit | 837c9efce434acf75834fd9ef8a5a05c1fa61004 (patch) | |
| tree | 3973184ee3ddec00aa43cc015a650d17ae23eec6 | |
| parent | c93c56e4e558e1877cfcd85580a826a4002166eb (diff) | |
Drop exec capability iff restricted
Nothing must be executed when running /copy, et al.
| -rw-r--r-- | chat.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -340,6 +340,13 @@ int main(int argc, char *argv[]) { fcntl(execPipe[1], F_SETFD, FD_CLOEXEC); } +#ifdef __OpenBSD__ + if (self.restricted) { + error = pledge("stdio rpath wpath cpath tty", NULL); + if (error) err(EX_OSERR, "pledge"); + } +#endif + struct pollfd fds[] = { { .events = POLLIN, .fd = STDIN_FILENO }, { .events = POLLIN, .fd = irc }, |