From 4c4167393a95834cdd3af280136c3a0a60752648 Mon Sep 17 00:00:00 2001
From: Omar Polo
Date: Fri, 1 Jan 2021 13:03:04 +0100
Subject: [PATCH] simplify unveil/pledge calls
---
 gmid.c | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/gmid.c b/gmid.c
index ac08b3c..6da052a 100644
--- a/gmid.c
+++ b/gmid.c
@@ -885,17 +885,15 @@ main(int argc, char **argv)
 if (!foreground && daemon(0, 1) == -1)
 exit(1);
- if (cgi != NULL) {
- if (unveil(dir, "rx") == -1)
- err(1, "unveil");
- if (pledge("stdio rpath inet proc exec", NULL) == -1)
- err(1, "pledge");
- } else {
- if (unveil(dir, "r") == -1)
- err(1, "unveil");
- if (pledge("stdio rpath inet", NULL) == -1)
- err(1, "pledge");
- }
+ if (unveil(dir, "rx") == -1)
+ err(1, "unveil");
+
+ if (pledge("stdio rpath inet proc exec", NULL) == -1)
+ err(1, "pledge");
+
+ /* drop proc and exec if cgi isn't enabled */
+ if (cgi == NULL && pledge("stdio rpath inet", NULL) == -1)
+ err(1, "pledge");
 loop(ctx, sock);
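Review bot: The new unveil call grants `rx` on `dir` unconditionally, so a server started without CGI now holds execute permission on the served tree that the removed `else` branch withheld. In that configuration only the second pledge keeps exec out of reach, which leaves one layer of restriction where there used to be two. Keeping the permission conditional costs no extra lines: `if (unveil(dir, cgi != NULL ? "rx" : "r") == -1)`. The same ternary on the promise string would collapse the pledge-then-narrow pair into a single call, so the non-CGI process never holds `proc exec` at all. The body of `main` starts and continues outside this hunk.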