Hi,
I was wondering what are the views on having the pledge(2) promise
assembled (in a 3rd party app). Scanning through base and ports, I could
only find pledge(2) promises as constant string argument. I did assume
that it's the safest way to make sure that the promise can't be fiddled
with.
Since the app (Chrony) was not designed with pledge in mind, if became
more readable to assemble the promise string like:
(https://gitlab.com/chrony/chrony/-/commit/0ea7607358cc)
--- upstream commit 0ea76073 ---
if (snprintf(promises, sizeof (promises), "stdio%s%s%s%s",
needs_main_misc ? " rpath wpath cpath inet unix dns" : "",
needs_recvfd ? " recvfd" : "",
needs_sendfd ? " sendfd" : "",
needs_settime ? " settime" : "") >= sizeof (promises))
assert(0);
DEBUG_LOG("Pledging: %s", promises);
if (pledge(promises, NULL) < 0)
LOG_FATAL("pledge() failed");
---
Originally I stuck to the constant strings and Miroslav optimized it
after another change would have resulted in more complex if/else constructs.