On Wed, Aug 24, 2022 at 06:41:12PM -0600, Theo de Raadt wrote:
> argv += optind;
> argc -= optind;
>
> + if (pemmode) {
> + if (pledge("stdio rpath", NULL) == -1)
> + err(1, "pledge");
> +
>
>
> rpki-client is starting to develop quite a number of run-time "modes".
There are currently two (or if you count -V as a separate mode three).
Except for -V, extra arguments are handled correctly.
> I think it is time to add some checks (right around argc -=optind) to
> identify non-sensical combinations and not proceed.
That would make sense, but should probably be done independently of this
diff. I agree that this is currently a bit sloppy.
> Also, there should be no extra arguments.
You removed an argc > 1 check (which should have been argc > 0).
