Hi,

Sebastien Marie wrote on Tue, Oct 25, 2016 at 08:46:10AM +0200:
> On Mon, Oct 24, 2016 at 01:31:35PM -0600, Matthieu Herrb wrote:

>> CVSROOT:      /cvs
>> Module name:  xenocara
>> Changes by:   [email protected] 2016/10/24 13:31:35
>>
>> Modified files:
>>      app/xterm : Makefile xterm.man xtermcfg.h
>>
>> Log message:
>> Disable Tektronics 4014 emulation. ok natano@, naddy@, schwarze@

> With the disabling of Tektronics emulation, the pledge(2) promises could
> be reduced a bit: no more "cpath" should be required.
>
> The commit message for 1.35 which introduced pledge(2) in xterm(1)
> stated that "cpath" was for Tek emulation window. I also reviewed
> several functions for ensuring no other use of "cpath" after pledging.
>
> Ideally, additional review would be welcome: xterm(1) is a big program,
> and #ifdef maze is a bit complex to follow :)

Basic review confirms that this is likely correct:

 * O_CREAT is only used in misc.c, and apart from #ifdef VMS,
   only in creat_as(), which is called
    - from main.c only for if_DEBUG (off by default)
    - from misc.c, open_userfile, StartLog
      only for #ifdef ALLOWLOGGIN (off by default)
 * mk[dos]*temp(3) is only called from misc.c,
   but only for !HAVE_LIB_XCURSOR (on by default)
   or from StartLog (see above)
 * link, symlink, unlink, rename, mkdir, rmdir
   and the *at variants are not called
 * remove(3) - which may call rmdir
   tmpfile(3) - which may call unlink
   not called

However, I have no idea how to audit this mess:

  LDADD+= -L${X11BASE}/lib -lXaw -lXpm -lXt -lSM -lICE -lXmu \
          -lXft -lXrender -lXinerama -lX11 -lxcb -lXext -lXau -lXdmcp \
          -lfontconfig -lexpat -lfreetype -lutil -ltermcap -lz

No doubt there are uses of link, symlink, unlink, rename, mkdir,
rmdir or O_CREAT somewhere in there, but making sure they are not
reachable from xterm(1) does not seem feasible.

Personally, I wouldn't wish that xterm(1) created, deleted or moved
files or directories by using X library interfaces - but who knows?

Unsurprisingly, xterm(1) still works for me.

Should we just put it in?
I think we are still far enough away from the 6.1 release.
If people report that some arcane feature stops working, a decision
can be made whether it should or should not work.

Yours,
  Ingo

> Index: main.c > =================================================================== > RCS file: /cvs/xenocara/app/xterm/main.c,v > retrieving revision 1.39 > diff -u -p -r1.39 main.c > --- main.c 7 Aug 2016 21:27:36 -0000 1.39 > +++ main.c 25 Oct 2016 06:41:00 -0000 > @@ -2634,12 +2634,12 @@ main(int argc, char *argv[]ENVP_ARG) > if (data && > (strstr(data, "exec-formatted") || strstr(data, > "exec-selectable"))) { > > - if (pledge("stdio rpath wpath cpath id proc exec tty", NULL) == > -1) { > + if (pledge("stdio rpath wpath id proc exec tty", NULL) == -1) { > xtermWarning("pledge\n"); > exit(1); > } > } else { > - if (pledge("stdio rpath wpath cpath id proc tty", NULL) == -1) { > + if (pledge("stdio rpath wpath id proc tty", NULL) == -1) { > xtermWarning("pledge\n"); > exit(1); > }
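
Review bot: Both pledge() calls in this hunk drop "cpath" unconditionally, while the review in this thread found that creat_as() (O_CREAT) is still reachable for if_DEBUG and #ifdef ALLOWLOGGIN, and mk[dos]*temp(3) for !HAVE_LIB_XCURSOR; a build with any of those enabled would be aborted at its first file creation after pledging. Consider keeping "cpath" under the matching #ifdef, or at least adding a comment above the two calls recording that the promise was removed because Tek emulation is disabled and those options are off by default. The two promise strings also differ only in "exec", so building the string in one place would keep the branches from drifting apart in later edits.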
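
The basic review in the message above looks for calls that need "cpath" and notes which #ifdef guards each one. As an added example (not part of the thread and not xterm code), this Python sketch does the same for one C source text and reports the preprocessor conditions around every hit; the sample input is constructed and the function names audit() and unguarded() are hypothetical.

```python
import re

# Calls that need the pledge(2) "cpath" promise, following the list in the
# review above; open(2) needs it only with O_CREAT, so the flag is matched.
FUNCS = (r"creat|mk[dos]\w*temps?|(?:un|sym)?link(?:at)?|rename(?:at)?"
         r"|mkdir(?:at)?|rmdir|remove|tmpfile")
CPATH_RE = re.compile(r"\bO_CREAT\b|\b(?:%s)\s*\(" % FUNCS)
DIRECTIVE_RE = re.compile(r"^\s*#\s*(ifdef|ifndef|if|elif|else|endif)\b\s*(.*)")

# Constructed sample, NOT xterm source: only the names ALLOWLOGGIN,
# HAVE_LIB_XCURSOR, StartLog and creat_as are taken from the thread.
SAMPLE = """\
#ifdef ALLOWLOGGIN
static void StartLog(void) {
    int fd = mkstemp(log_name);
}
#endif
int creat_as(const char *path) {
    return open(path, O_WRONLY | O_CREAT, 0600);
}
#ifndef HAVE_LIB_XCURSOR
static void make_cursor_dir(void) { mkdtemp(tmpl); }
#endif
"""

def audit(source):
    """Return (line, call, guards) for each hit; guards is the #if stack.
    Approximations: comments and strings are not stripped, and #elif/#else
    record only the nearest condition."""
    stack, hits = [], []
    for no, line in enumerate(source.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if m:
            kind, cond = m.group(1), m.group(2).strip()
            if kind == "ifdef":
                stack.append("defined(%s)" % cond)
            elif kind == "ifndef":
                stack.append("!defined(%s)" % cond)
            elif kind == "if":
                stack.append(cond)
            elif kind == "elif" and stack:
                stack[-1] = cond
            elif kind == "else" and stack:
                stack[-1] = "!(%s)" % stack[-1]
            elif kind == "endif" and stack:
                stack.pop()
            continue
        for hit in CPATH_RE.finditer(line):
            hits.append((no, hit.group(0).rstrip("( \t"), tuple(stack)))
    return hits

def unguarded(hits):
    """Hits compiled into every configuration: these need a manual look."""
    return [(no, call) for no, call, guards in hits if not guards]

if __name__ == "__main__":
    for no, call, guards in audit(SAMPLE):
        print(no, call, " && ".join(guards) or "(always compiled)")
```

The unguarded O_CREAT hit inside creat_as() is the case the review settles by hand: the function itself is always compiled, so the guards on its callers have to be checked next.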
