From 3849f2ba51596fed7444afe5f442f919eb9e5b0b Mon Sep 17 00:00:00 2001
From: Aaron Bieber
Date: Thu, 8 Jul 2021 19:05:28 -0600
Subject: [PATCH] switch to using ReducePledges

---
 go.mod | 2 +-
 go.sum | 4 ++--
 main.go | 9 ++++++---
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index bbe6119..89d9c8a 100644
--- a/go.mod
+++ b/go.mod
@@ -5,5 +5,5 @@ go 1.16
 require (
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
 golang.org/x/net v0.0.0-20210510120150-4163338589ed
- suah.dev/protect v1.0.0
+ suah.dev/protect v1.1.0
 )
diff --git a/go.sum b/go.sum
index 7a06127..9fe5e47 100644
--- a/go.sum
+++ b/go.sum
@@ -12,5 +12,5 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-suah.dev/protect v1.0.0 h1:X8pzDvDIZIiugmkmr6DES6JFO1XUdJWi34Ffmk6CMZY=
-suah.dev/protect v1.0.0/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y=
+suah.dev/protect v1.1.0 h1:C24D67UlFap5t/A29Meo7V7xLdjkaFAxSQMa5yG8sS4=
+suah.dev/protect v1.1.0/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y=
diff --git a/main.go b/main.go
index 88c6bb3..6663bf5 100644
--- a/main.go
+++ b/main.go
@@ -70,6 +70,8 @@ var (
 users map[string]string
 )
 
+var pledges = "stdio wpath rpath cpath tty inet dns unveil"
+
 func init() {
 users = make(map[string]string)
 handlers = make(map[string]userHandlers)
@@ -92,7 +94,7 @@ func init() {
 _ = protect.Unveil(davDir, "rwc")
 _ = protect.Unveil("/etc/ssl/cert.pem", "r")
 _ = protect.Unveil("/etc/resolv.conf", "r")
- _ = protect.Pledge("stdio wpath rpath cpath tty inet dns unveil")
+ _ = protect.Pledge(pledges)
 
 templ, err = template.New("landing").Parse(landingPage)
 if err != nil {
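Review bot: The package-level `pledges` added in the first main.go hunk carries no comment, although it is the pledge(2) promise set that init() applies, and promises can only be narrowed after that call. I would add `// pledges is the pledge(2) promise set requested in init(); later reductions must start from this exact list.` above the declaration.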
@@ -157,7 +159,7 @@ func prompt(prompt string, secure bool) (string, error) {
 }
 
 func main() {
- _ = protect.Pledge("stdio wpath rpath cpath inet dns unveil")
+ var pledges = "stdio wpath rpath cpath tty inet dns unveil"
 
 if genHtpass {
 user, err := prompt("Username: ", false)
@@ -190,10 +192,11 @@ func main() {
 os.Exit(0)
 }
+ pledges, _ = protect.ReducePledges(pledges, "tty")
 // drop to only read on passPath
 _ = protect.Unveil(passPath, "r")
- _ = protect.Pledge("stdio wpath rpath cpath inet dns")
+ pledges, _ = protect.ReducePledges(pledges, "unveil")
 _, fErr := os.Stat(passPath)
 if os.IsNotExist(fErr) {
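Review bot: The added `var pledges = "stdio wpath rpath cpath tty inet dns unveil"` at the top of main() shadows the package-level `pledges` that this same commit introduces, so the promise list now lives in two places. main() no longer calls Pledge itself, so the set actually in force is whatever init() requested. If the two strings drift apart, the later ReducePledges calls start from a list that does not match the kernel's state, and pledge(2) refuses a request for a promise that is not currently held. I would delete the local declaration and let main() use the package-level variable. main()'s body continues outside this hunk.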
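Review bot: Both `pledges, _ = protect.ReducePledges(...)` calls in the last main.go hunk discard the error, so a failed reduction leaves the process running with `tty` or `unveil` still permitted and nothing logged. The assignment also overwrites `pledges` with whatever was returned alongside the error, and the second call then reduces from that value. Presumably ReducePledges applies the reduced set itself, since the commit removes the explicit Pledge calls, which makes these two lines the only place the sandbox is tightened. I would fail closed with `p, err := protect.ReducePledges(pledges, "tty")`, exit through the file's usual fatal path when `err != nil`, and only then assign `pledges = p`, repeating this for `"unveil"`. The `_ = protect.Pledge(pledges)` in init() and the `_ = protect.Unveil(...)` calls follow the same pattern; the hunk starts and ends inside main().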