Drop exec capability iff restricted

Nothing must be executed when running /copy, et al.
2021-01-22 22:02:01 +01:00 · 2021-01-22 22:02:01 +01:00 · 837c9efce4
parent c93c56e4e5
commit 837c9efce4
1 changed files with 7 additions and 0 deletions
--- a/chat.c
+++ b/chat.c
@ -340,6 +340,13 @@ int main(int argc, char *argv[]) {
 		fcntl(execPipe[1], F_SETFD, FD_CLOEXEC);
 	}

+#ifdef __OpenBSD__
+	if (self.restricted) {
+		error = pledge("stdio rpath wpath cpath tty", NULL);
+		if (error) err(EX_OSERR, "pledge");
+	}
+#endif
+
 	struct pollfd fds[] = {
 		{ .events = POLLIN, .fd = STDIN_FILENO },
 		{ .events = POLLIN, .fd = irc },