bx
/
catgirl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OpenBSD: Hoist loading save file to drop filesystem read-access 

After TLS cert/key files, the save file is the only file being read from;
do so before pleding and drop the "rpath" promise all together:  log files
will only be created and written to.
weechat-hashes
Klemens Nanni 2021-06-11 12:30:56 +00:00 committed by C. McEnroe
parent 37aa3679bc
commit 4aa3da5786
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
chat.c
View File

@ -276,6 +276,10 @@ int main(int argc, char *argv[]) {
ircConfig(insecure, trust, cert, priv);
uiInitEarly();
if (save) {
uiLoad(save);
atexit(exitSave);
}
#ifdef __OpenBSD__
if (self.restricted) {
@ -288,7 +292,7 @@ int main(int argc, char *argv[]) {
char promises[64] = "stdio tty";
char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
if (save || logEnable) ptr = seprintf(ptr, end, " rpath wpath cpath");
if (save || logEnable) ptr = seprintf(ptr, end, " wpath cpath");
if (!self.restricted) ptr = seprintf(ptr, end, " proc exec");
char *promisesFinal = strdup(promises);
@ -299,10 +303,6 @@ int main(int argc, char *argv[]) {
if (error) err(EX_OSERR, "pledge");
#endif
if (save) {
uiLoad(save);
atexit(exitSave);
}
uiShowID(Network);
uiFormat(
Network, Cold, NULL,