In mandocdb.c it appears cmp(1) and rm(1) are executed in a child process. It seems that if the logic from these programs were duplicated the pledge in mandocdb.c could be further restricted and even not bother with forking.
Would such a change be pointless churn however? Both cmp(1) and rm(1) are simple programs and are pledge'd themselves. Not to mention the creation of the mandoc database is in itself a short lived process. To be clear I'm not proposing a change (indeed I have no diff) but rather I am simply curious to the opinion of others in the OpenBSD community. Kind regards, George
