On Wed, May 18, 2016 at 06:50:15PM +0200, Kamil Cholewiński wrote:
> +#if defined(__OpenBSD__)
> + if (pledge("stdio rpath dns unix prot_exec proc exec", NULL) < 0) {
> + die("pledge\n");
> + }
> +#endif
Independent of whether the functionality is desired, you probably want
to implement it along the lines of:
#ifndef __OpenBSD__
int pledge(const char *promises, const char *paths[]) { return 0; }
#endif
This way you won't clutter all the call sites and they are at least
compile tested on all platforms.
Also because you always die upon failure you might want to introduce
an xpledge(...) wrapper which could also print a more descriptive error
message (pledging for which resource failed).
--
Marc André Tanner >< http://www.brain-dump.org/ >< GPG key: 10C93617
Received on Wed May 18 2016 - 20:25:47 CEST