OpenBSD: Hoist loading save file to drop filesystem read-access

After TLS cert/key files, the save file is the only file being read from; do so before pleding and drop the "rpath" promise all together: log files will only be created and written to.
author: Klemens Nanni 2021-06-11 12:30:56 +0000
committer: C. McEnroe 2021-06-11 12:51:00 -0400
commit: 4aa3da578692d53a65342114e65403e7233aa726 (patch)
tree: f98cd48e5a6dc58d792e6aacd5494dcc91ff093e
parent: 37aa3679bcc8565e6f10da1999b1377ef9a568a3 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/chat.c b/chat.c
index 4f3c233..e01b511 100644
--- a/chat.c
+++ b/chat.c
@@ -276,6 +276,10 @@ int main(int argc, char *argv[]) {
 	ircConfig(insecure, trust, cert, priv);
 
 	uiInitEarly();
+	if (save) {
+		uiLoad(save);
+		atexit(exitSave);
+	}
 
 #ifdef __OpenBSD__
 	if (self.restricted) {
@@ -288,7 +292,7 @@ int main(int argc, char *argv[]) {
 
 	char promises[64] = "stdio tty";
 	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
-	if (save || logEnable) ptr = seprintf(ptr, end, " rpath wpath cpath");
+	if (save || logEnable) ptr = seprintf(ptr, end, " wpath cpath");
 	if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
 
 	char *promisesFinal = strdup(promises);
@@ -299,10 +303,6 @@ int main(int argc, char *argv[]) {
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
-	if (save) {
-		uiLoad(save);
-		atexit(exitSave);
-	}
 	uiShowID(Network);
 	uiFormat(
 		Network, Cold, NULL,
author	Klemens Nanni	2021-06-11 12:30:56 +0000
committer	C. McEnroe	2021-06-11 12:51:00 -0400
commit	4aa3da578692d53a65342114e65403e7233aa726 (patch)
tree	f98cd48e5a6dc58d792e6aacd5494dcc91ff093e
parent	37aa3679bcc8565e6f10da1999b1377ef9a568a3 (diff)