From 695d615225bbd66ffee42f5c073ed45327790512 Mon Sep 17 00:00:00 2001 From: Přemysl Janouch Date: Wed, 30 Mar 2016 00:50:44 +0200 Subject: ZyklonB, kike: Use pledge(2) in OpenBSD degesch has something like "stdio wpath cpath inet tty proc exec" but given that it's user-extensible and very annoying for users to have it crash, I'm leaving it unrestricted for now. --- kike.c | 6 ++++++ zyklonb.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/kike.c b/kike.c index ce5bc1f..deff370 100644 --- a/kike.c +++ b/kike.c @@ -4076,6 +4076,12 @@ main (int argc, char *argv[]) else if (!irc_lock_pid_file (&ctx, &e)) exit_fatal ("%s", e->message); +#if OpenBSD >= 201605 + // This won't be as simple once we decide to implement REHASH + if (pledge ("stdio inet dns", NULL)) + exit_fatal ("%s: %s", "pledge", strerror (errno)); +#endif + ctx.polling = true; while (ctx.polling) poller_run (&ctx.poller); diff --git a/zyklonb.c b/zyklonb.c index 4ab27bc..c7ab8c7 100644 --- a/zyklonb.c +++ b/zyklonb.c @@ -2023,6 +2023,12 @@ main (int argc, char *argv[]) ctx.signal_event.user_data = &ctx; poller_fd_set (&ctx.signal_event, POLLIN); +#if OpenBSD >= 201605 + // cpath is for creating the plugin home directory + if (pledge ("stdio rpath cpath inet proc exec", NULL)) + exit_fatal ("%s: %s", "pledge", strerror (errno)); +#endif + plugin_load_all_from_config (&ctx); if (!parse_config (&ctx, &e) || !irc_connect (&ctx, &e)) -- cgit v1.2.3-70-g09d2