$OpenBSD: patch-src_hitch_c,v 1.4 2019/08/18 08:34:02 kn Exp $

Pledge oscp and worker processes.
Pledge the main process iff chroot(2) not used.

Index: src/hitch.c
--- src/hitch.c.orig
+++ src/hitch.c
@@ -3090,6 +3090,9 @@ start_workers(int start_index, int count)
 				    "Refusing to run workers as root.\n");
 				_exit(1);
 			}
+			if (pledge("stdio rpath inet dns", NULL) == -1)
+				fail("pledge");
+			LOGL("{core} pledge called (worker)\n");
 			handle_connections(pfd[0]);
 			exit(0);
 		} else { /* parent. Track new child. */
@@ -3115,6 +3118,9 @@ start_ocsp_proc(void)
 			    "Refusing to run workers as root.\n");
 			_exit(1);
 		}
+		if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1)
+			fail("pledge");
+		LOGL("{core} pledge called (ocsp)\n");
 		handle_ocsp_task();
 	}
 
@@ -3958,6 +3964,20 @@ main(int argc, char **argv)
 
 		AZ(VPF_Write(pfh));
 		atexit(remove_pfh);
+	}
+
+	if (!(CONFIG->CHROOT && CONFIG->CHROOT[0])) {
+		if (CONFIG->UID >= 0 || CONFIG->GID >= 0) {
+			if (pledge("stdio rpath wpath cpath inet dns getpw proc id",
+			   NULL) == -1)
+				fail("pledge");
+			LOGL("{core} pledge called (main, uid/gid)\n");
+		} else {
+			if (pledge("stdio rpath wpath cpath inet dns proc",
+			    NULL) == -1)
+				fail("pledge");
+			LOGL("{core} pledge called (main)\n");
+		}
 	}
 
 	start_workers(0, CONFIG->NCORES);
