On Fri, May 04, 2018 at 05:31:22PM +0200, Theo Buehler wrote: > On Fri, May 04, 2018 at 09:03:38AM +0200, Alexandre Ratchov wrote: > > On Thu, May 03, 2018 at 09:48:13PM +0200, Jesper Wallin wrote: > > > Hi all, > > > > > > I just noticed that aucat(1) is missing pledge. However, I'm aware that > > > aucat(1) is talking to sndiod(8), which is being pledged properly. But > > > seeing that programs like yes(1) is properly pledged, I don't see any > > > reason not to pledge aucat(1) as well, unless I'm missing something > > > obvious. > > > > > > > Thanks. The promise list to use audio and/or midi is in the > > sio_open(2) man page, so the following seem to be needed: stdio, > > audio, rpath, wpath, cpath, unix, inet, dns. > > > > aucat could be pledged() since the very beginning; imho this makes > > sense as the "risky" part is slot_new(), when file headers are parsed. > > > > While the last submitted patch looks correct to me, I wonder (rather > naively) if it would be possible to refactor in such a way that > slot_new() is called only after or from within dev_open(), so we can > drop the promises at least to "stdio rpath wpath cpath audio" at the > point where slot_new() is called for the -i or -o options.
slot_new() is used to determine device parameters, which are used to call dev_open(), so it must be called first. The only way to do this is to save the list of files and then open the device, then parse file headers, then configure the device. This is not trivial.
