From 837c9efce434acf75834fd9ef8a5a05c1fa61004 Mon Sep 17 00:00:00 2001
From: Klemens Nanni
Date: Fri, 22 Jan 2021 22:02:01 +0100
Subject: Drop exec capability iff restricted Nothing must be executed when running /copy, et al.
---
 chat.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'chat.c')
diff --git a/chat.c b/chat.c
index bc035e3..b36223c 100644
--- a/chat.c
+++ b/chat.c
@@ -340,6 +340,13 @@ int main(int argc, char *argv[]) {
 fcntl(execPipe[1], F_SETFD, FD_CLOEXEC);
 }
+#ifdef __OpenBSD__
+ if (self.restricted) {
+ error = pledge("stdio rpath wpath cpath tty", NULL);
+ if (error) err(EX_OSERR, "pledge");
+ }
+#endif
+
 struct pollfd fds[] = {
 { .events = POLLIN, .fd = STDIN_FILENO },
 { .events = POLLIN, .fd = irc },
-- 
cgit 1.4.1-2-gfad0
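Review bot: The promise string in the added `pledge()` call has no comment recording why `rpath wpath cpath tty` are kept or that `proc` and `exec` are dropped deliberately (the network promises are absent from the string as well), so a later edit could widen it without anyone noticing that the restriction weakened. I would add above the call something like `/* Restricted mode: nothing may fork or exec past this point; keep only file and terminal access. */`. Because a pledge violation by default kills the process instead of returning an error, any path that can still reach fork or exec while `self.restricted` is set (the commit message names /copy) needs its own check before that point; those handlers are outside this hunk, so this is worth confirming. `rpath wpath cpath` also stay filesystem-wide here, which unveil(2) could narrow if restricted mode is meant as containment. `main` starts and ends outside the hunk, and `error` is presumably declared earlier in it.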