commit 4c4167393a95834cdd3af280136c3a0a60752648
from: Omar Polo <op@omarpolo.com>
date: Fri Jan 01 12:03:04 2021 UTC

simplify unveil/pledge calls

commit - 6c6c7a0ed7de7ec3c4329c6f9892862a4f065451
commit + 4c4167393a95834cdd3af280136c3a0a60752648
blob - ac08b3ce0c488b0b2dd81301fc14ac0345feb7a4
blob + 6da052ae5219e4a7e46f498edd6cf3576e27a35f
--- gmid.c
+++ gmid.c
@@ -885,18 +885,16 @@ main(int argc, char **argv)
 	if (!foreground && daemon(0, 1) == -1)
 		exit(1);
 
-	if (cgi != NULL) {
-		if (unveil(dir, "rx") == -1)
-			err(1, "unveil");
-		if (pledge("stdio rpath inet proc exec", NULL) == -1)
-			err(1, "pledge");
-	} else {
-		if (unveil(dir, "r") == -1)
-			err(1, "unveil");
-		if (pledge("stdio rpath inet", NULL) == -1)
-			err(1, "pledge");
-	}
+	if (unveil(dir, "rx") == -1)
+		err(1, "unveil");
 
+	if (pledge("stdio rpath inet proc exec", NULL) == -1)
+		err(1, "pledge");
+
+	/* drop proc and exec if cgi isn't enabled */
+	if (cgi == NULL && pledge("stdio rpath inet", NULL) == -1)
+		err(1, "pledge");
+
 	loop(ctx, sock);
 
 	close(sock);