From 8fa5dc7241845858fa95fbc69b2b527baf224eb4 Mon Sep 17 00:00:00 2001
From: Linus Groh <mail@linusgroh.de>
Date: Mon, 22 Nov 2021 20:41:58 +0000
Subject: [PATCH] js: Use pledge()

It is now no longer possible to make network connections from a hijacked
js(1) :^)
---
 Userland/Utilities/js.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Userland/Utilities/js.cpp b/Userland/Utilities/js.cpp
index 9844c2c454..5b5cf5934e 100644
--- a/Userland/Utilities/js.cpp
+++ b/Userland/Utilities/js.cpp
@@ -61,6 +61,7 @@
 #include <LibJS/Runtime/Value.h>
 #include <LibLine/Editor.h>
 #include <LibMain/Main.h>
+#include <LibSystem/Wrappers.h>
 #include <fcntl.h>
 #include <signal.h>
 #include <stdio.h>
@@ -1105,6 +1106,10 @@ public:
 
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
+#ifdef __serenity__
+    TRY(System::pledge("stdio rpath wpath cpath tty sigaction", nullptr));
+#endif
+
     bool gc_on_every_allocation = false;
     bool disable_syntax_highlight = false;
     Vector<String> script_paths;