diff options
author | Klemens Nanni | 2021-06-11 12:30:56 +0000 |
---|---|---|
committer | C. McEnroe | 2021-06-11 12:51:00 -0400 |
commit | 4aa3da578692d53a65342114e65403e7233aa726 (patch) | |
tree | f98cd48e5a6dc58d792e6aacd5494dcc91ff093e | |
parent | 37aa3679bcc8565e6f10da1999b1377ef9a568a3 (diff) |
OpenBSD: Hoist loading save file to drop filesystem read-access
After TLS cert/key files, the save file is the only file being read from; do so before pleding and drop the "rpath" promise all together: log files will only be created and written to.
-rw-r--r-- | chat.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/chat.c b/chat.c index 4f3c233..e01b511 100644 --- a/chat.c +++ b/chat.c @@ -276,6 +276,10 @@ int main(int argc, char *argv[]) { ircConfig(insecure, trust, cert, priv); uiInitEarly(); + if (save) { + uiLoad(save); + atexit(exitSave); + } #ifdef __OpenBSD__ if (self.restricted) { @@ -288,7 +292,7 @@ int main(int argc, char *argv[]) { char promises[64] = "stdio tty"; char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)]; - if (save || logEnable) ptr = seprintf(ptr, end, " rpath wpath cpath"); + if (save || logEnable) ptr = seprintf(ptr, end, " wpath cpath"); if (!self.restricted) ptr = seprintf(ptr, end, " proc exec"); char *promisesFinal = strdup(promises); @@ -299,10 +303,6 @@ int main(int argc, char *argv[]) { if (error) err(EX_OSERR, "pledge"); #endif - if (save) { - uiLoad(save); - atexit(exitSave); - } uiShowID(Network); uiFormat( Network, Cold, NULL, |