From 5bfba6df528d2d57daac93708b0dca6360711a80 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Tue, 29 Jun 2021 00:03:00 +0000 Subject: OpenBSD: merge unveil and pledge logic a bit This reads somewhat clearer as code is grouped by features instead of security mechanisms by simply merging identical tests/conditions. No functional change. --- chat.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/chat.c b/chat.c index 0bdb69c..ab0678a 100644 --- a/chat.c +++ b/chat.c @@ -282,24 +282,23 @@ int main(int argc, char *argv[]) { } #ifdef __OpenBSD__ + char promises[64] = "stdio tty"; + char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)]; + if (log) { const char *logdir = dataMkdir("log"); int error = unveil(logdir, "wc"); if (error) err(EX_OSERR, "unveil"); + ptr = seprintf(ptr, end, " wpath cpath"); } if (!self.restricted) { int error = unveil("/", "x"); if (error) err(EX_OSERR, "unveil"); + ptr = seprintf(ptr, end, " proc exec"); } - char promises[64] = "stdio tty"; - char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)]; - if (log) ptr = seprintf(ptr, end, " wpath cpath"); - if (!self.restricted) ptr = seprintf(ptr, end, " proc exec"); - char *promisesInitial = ptr; - ptr = seprintf(ptr, end, " inet dns"); int error = pledge(promises, NULL); if (error) err(EX_OSERR, "pledge"); -- cgit 1.4.1-2-gfad0