On Wed, Mar 29, 2017 at 12:57:03AM +0200, Juan Francisco Cantero Hurtado wrote: > If you're a regular user of st, let me know if this patch works for you > or not. > > The patch was written by tb@.
I want just to share my feeling about the diff: too many pledge() calls. st is a terminal emulator, not a security program like doas(1). In general case, having one or two pledge() call should be enough. Else it could means it is pledged too early or the program is too complex (and/or not pledgeable). I am not saying the pledge calls are wrong, just it looks over-engineering. -- Sebastien Marie
