On Fri, May 04, 2018 at 09:03:38AM +0200, Alexandre Ratchov wrote: > On Thu, May 03, 2018 at 09:48:13PM +0200, Jesper Wallin wrote: > > Hi all, > > > > I just noticed that aucat(1) is missing pledge. However, I'm aware that > > aucat(1) is talking to sndiod(8), which is being pledged properly. But > > seeing that programs like yes(1) is properly pledged, I don't see any > > reason not to pledge aucat(1) as well, unless I'm missing something > > obvious. > > > > Thanks. The promise list to use audio and/or midi is in the > sio_open(2) man page, so the following seem to be needed: stdio, > audio, rpath, wpath, cpath, unix, inet, dns. > > aucat could be pledged() since the very beginning; imho this makes > sense as the "risky" part is slot_new(), when file headers are parsed. >
While the last submitted patch looks correct to me, I wonder (rather naively) if it would be possible to refactor in such a way that slot_new() is called only after or from within dev_open(), so we can drop the promises at least to "stdio rpath wpath cpath audio" at the point where slot_new() is called for the -i or -o options.
