From 6e5f6943f8d3bdd86ed190d34e4f7b1028a1b005 Mon Sep 17 00:00:00 2001
From: Klemens Nanni
Date: Sat, 27 Jan 2024 06:44:35 +0100
Subject: [PATCH] Hoist control socket handling, restrict runtime on OpenBSD

Use pledge(2) to prevent fork/exec, filesystem access and other unused subsets of system calls, effectively leaving only shared memory and networking capabilities at runtime.
(Those might be further reduced, but that warrants further analysis and most likely more code shuffling.)
---
 nqptp.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nqptp.c b/nqptp.c
index 88cf939..73b0d66 100644
--- a/nqptp.c
+++ b/nqptp.c
@@ -131,6 +131,11 @@ void termHandler(__attribute__((unused)) int k) {
 }
 int main(int argc, char **argv) {
+#ifdef CONFIG_FOR_OPENBSD
+  if (pledge("stdio rpath tmppath inet dns id", NULL) == -1) {
+    die("pledge: %s", strerror(errno));
+  }
+#endif
   int debug_level = 0;
   int i;
@@ -215,6 +220,10 @@ int main(int argc, char **argv) {
       setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
     die("cannot drop privileges to %s", shairport_user);
   }
+
+  if (pledge("stdio tmppath inet dns", NULL) == -1) {
+    die("pledge: %s", strerror(errno));
+  }
 #endif
   // open the SMI
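Review bot: The initial promise set `stdio rpath tmppath inet dns id` in the first hunk is deliberately wider than the program's steady state, but nothing in the code says why, so a later "tightening" could silently break the privilege drop that still needs `rpath` (password-database lookup) and `id` (setresgid/setresuid) further down in main(). Suggest a comment above the call: `// rpath/id are only needed for the user lookup and setres[ug]id() below; the set is narrowed again right after privileges are dropped`. The call also relies on die(), strerror() and errno being declared via includes outside this hunk — presumably already the case since die() is used elsewhere in main(), but worth confirming for the OpenBSD build. The body of main() continues well past this hunk, and the "hoist control socket handling" part of the subject is not reflected in this 9-line diff, so that wording presumably refers to a separate change.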
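Review bot: In the second hunk the narrowing pledge() is placed between the privilege-drop `}` and an `#endif` whose opening directive is outside the hunk; if that block is not guarded by `CONFIG_FOR_OPENBSD` (or a condition implying it), the unguarded pledge() call will fail to compile on other platforms, and if the drop itself is under a runtime condition (e.g. only when started as root) the narrowing would be skipped on the non-root path. Confirm the opening directive and, if the drop is conditional, move the second call after that condition so it runs on every path. Because pledge(2) can only remove promises and a violation terminates the process, any later use of `rpath` or `id` past this point (reading a file, another id change) would now abort rather than fail gracefully; a comment such as `// narrow after privilege drop: rpath and id are no longer needed` records that intent for the next reader.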