ZyklonB, kike: Use pledge(2) in OpenBSD

degesch has something like "stdio wpath cpath inet tty proc exec" but given that it's user-extensible and very annoying for users to have it crash, I'm leaving it unrestricted for now.
2016-03-30 00:50:44 +02:00 · 2016-03-30 00:50:44 +02:00 · 695d615225
commit 695d615225
parent 8a3144f0ac
2 changed files with 12 additions and 0 deletions
--- a/kike.c
+++ b/kike.c
@ -4076,6 +4076,12 @@ main (int argc, char *argv[])
 	else if (!irc_lock_pid_file (&ctx, &e))
 		exit_fatal ("%s", e->message);

+#if OpenBSD >= 201605
+	// This won't be as simple once we decide to implement REHASH
+	if (pledge ("stdio inet dns", NULL))
+		exit_fatal ("%s: %s", "pledge", strerror (errno));
+#endif
+
 	ctx.polling = true;
 	while (ctx.polling)
 		poller_run (&ctx.poller);
--- a/zyklonb.c
+++ b/zyklonb.c
@ -2023,6 +2023,12 @@ main (int argc, char *argv[])
 	ctx.signal_event.user_data = &ctx;
 	poller_fd_set (&ctx.signal_event, POLLIN);

+#if OpenBSD >= 201605
+	// cpath is for creating the plugin home directory
+	if (pledge ("stdio rpath cpath inet proc exec", NULL))
+		exit_fatal ("%s: %s", "pledge", strerror (errno));
+#endif
+
 	plugin_load_all_from_config (&ctx);
 	if (!parse_config (&ctx, &e)
 	 || !irc_connect (&ctx, &e))