From bc3bd956481131a15dcae95eb818b3b3ccc7ed79 Mon Sep 17 00:00:00 2001
From: Klemens Nanni
Date: Fri, 22 Jan 2021 22:02:02 +0100
Subject: [PATCH] Drop filesystem access iff possible

Log files and state save/restore both require read/write access to the filesystem, both during start and exit. If neither features are used, catgirl may run with "stdio tty".
---
 chat.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/chat.c b/chat.c
index b36223c..6458925 100644
--- a/chat.c
+++ b/chat.c
@@ -341,10 +341,12 @@ int main(int argc, char *argv[]) {
 }
 #ifdef __OpenBSD__
- if (self.restricted) {
- error = pledge("stdio rpath wpath cpath tty", NULL);
- if (error) err(EX_OSERR, "pledge");
- }
+ char promises[64] = "stdio tty";
+ struct Cat cat = { promises, sizeof(promises), strlen(promises) };
+ if (save || logEnable) catf(&cat, " rpath wpath cpath");
+ if (!self.restricted) catf(&cat, " proc exec");
+ error = pledge(promises, NULL);
+ if (error) err(EX_OSERR, "pledge");
 #endif
 struct pollfd fds[] = {
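Review bot: The `NULL` second argument in `pledge(promises, NULL)` leaves execpromises unset, so when `proc exec` is granted in unrestricted mode every spawned program starts unpledged and the filesystem drop covers this process only. That deserves a comment above `char promises[64]`, e.g. `// execpromises stays NULL: programs spawned via proc/exec are not pledged, only this process loses filesystem access.` The call also moved out of `if (self.restricted)`, so unrestricted sessions that were never pledged now run under `stdio tty proc exec`. A pledge violation kills the process by default, so any later code path that opens a file while neither `save` nor `logEnable` is set would abort; the rest of main() and the command handlers lie outside this hunk and should be checked for that. When either flag is set the process still holds `rpath wpath cpath` over the whole filesystem, which unveil(2) on the save and log locations before the pledge call could narrow.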