Theo de Raadt <[email protected]> writes: >> Must say the forking and piping seems to be a bit silly for a program >> like this. Certainly adds alot of complexity. Why not simply call >> opendev up front for each filesystem, creating a list of names and >> filedescriptors before you pledge, and then iterate over that list >> afterwards? >> >> KISS > > I don't think that is a simple refactoring. > > And, file descriptor limits. > > The other option is to not pledge. But the pledge has a real purpose > here, to protect the program against hostile input from the disk. > dumpfs(8) is similar to file(1), a program one runs to make sure > something you got isn't hostile. Same reason I added pledge to fsck > and family. > > Oddly, the synopsis for dumpfs does not say it supports multiple optarg.
The easiest fix would be to stop supporting multiple arguments, I think. After all, this feature isn't documented, it needs changes to work nicely with pledge and... what is the use case for dumpfs sd1a sd3e wd0n? -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
