From 5243a7c95529e712a028b8a7ec2a5d1a83b66cdc Mon Sep 17 00:00:00 2001
From: Andinus <andinus@nand.sh>
Date: Wed, 8 Apr 2020 18:00:26 +0530
Subject: Use stricter pledge promises if possible

---
 main_openbsd.go | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/main_openbsd.go b/main_openbsd.go
index 7d466ee..7bbe995 100644
--- a/main_openbsd.go
+++ b/main_openbsd.go
@@ -10,15 +10,22 @@ import (
 )
 
 func main() {
-	err := unix.PledgePromises("unveil stdio rpath")
-	panicOnErr(err)
-
-	unveil()
-
-	// Drop unveil from promises.
-	err = unix.PledgePromises("stdio rpath")
-	panicOnErr(err)
-
+	// We need less permissions on these conditions.
+	if len(os.Args) == 1 ||
+		os.Args[1] == "version" ||
+		os.Args[1] == "env" {
+		err := unix.PledgePromises("stdio")
+		panicOnErr(err)
+	} else {
+		err := unix.PledgePromises("unveil stdio rpath")
+		panicOnErr(err)
+
+		unveil()
+
+		// Drop unveil from promises.
+		err = unix.PledgePromises("stdio rpath")
+		panicOnErr(err)
+	}
 	grus()
 }
 
-- 
cgit 1.4.1-2-gfad0