From: Stefan Sperling Subject: Re: got/tog/gotadmin: pledge earlier To: Omar Polo Cc: gameoftrees@openbsd.org Date: Mon, 13 Feb 2023 15:20:48 +0100 On Mon, Feb 13, 2023 at 02:32:00PM +0100, Omar Polo wrote: > On 2023/02/13 12:58:52 +0100, Stefan Sperling wrote: > > On Mon, Feb 13, 2023 at 11:03:57AM +0100, Omar Polo wrote: > > > we're alreading doing this in some places, so let's do it > > > consistently. It's almost a mechanical diff, i've checked each case > > > however to make sure we don't do operations not covered by the set of > > > pledge promises in the getopt loop. The only "real" work done > > > sometimes is realpath(3), which is covered by rpath. > > > > Fine with me, consistency is good. > > > > I believe there was some concern about running setlocale() and > > initscr() (from ncurses) under pledge. So we are probably already > > pledging too early in some cases, with or without your diff. > > Since everything is working as expected this is not a big deal, > > just something to keep in mind for later. > > well, tog already runs all ncurses under pledge. Indeed. It's always done so. It's just that in the back of my mind there is a TODO item to change this. > I forgot about > setlocale, and yes, this moves setlocale in tog under pledge. Both > got and gotadmin have setlocale before pledge, gotsh doesn't call it > and gotctl has setlocale outside pledge too. > > if you prefer i can move setlocale() in tog before pledge too. I suspect that calling setlocale() outside of pledge() might help prevent future breakage, so yes.