On Mon, Feb 13, 2023 at 02:32:00PM +0100, Omar Polo wrote:
> On 2023/02/13 12:58:52 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> > On Mon, Feb 13, 2023 at 11:03:57AM +0100, Omar Polo wrote:
> > > we're alreading doing this in some places, so let's do it
> > > consistently.  It's almost a mechanical diff, i've checked each case
> > > however to make sure we don't do operations not covered by the set of
> > > pledge promises in the getopt loop.  The only "real" work done
> > > sometimes is realpath(3), which is covered by rpath.
> > 
> > Fine with me, consistency is good.
> > 
> > I believe there was some concern about running setlocale() and
> > initscr() (from ncurses) under pledge. So we are probably already
> > pledging too early in some cases, with or without your diff. 
> > Since everything is working as expected this is not a big deal,
> > just something to keep in mind for later.
> 
> well, tog already runs all ncurses under pledge.

Indeed. It's always done so. It's just that in the back of my mind
there is a TODO item to change this.

> I forgot about
> setlocale, and yes, this moves setlocale in tog under pledge.  Both
> got and gotadmin have setlocale before pledge, gotsh doesn't call it
> and gotctl has setlocale outside pledge too.
> 
> if you prefer i can move setlocale() in tog before pledge too.

I suspect that calling setlocale() outside of pledge() might help
prevent future breakage, so yes.