Very basic pledge(2) for the whole program. I didn't dive too much into the details and maybe this can be refined some more. This is kind of a product of me trying a tool I made, `abstain` [1], for usefulness of pledge(2) execpromises, and it helped quickly find that xeyes(1) can run with a very limited set of promises. I tested all permutations of running xeyes(1) that are listed in the man page and none of them break with this configuration.
ok to add? [1] https://github.com/rfht/abstain Index: xeyes.c =================================================================== RCS file: /cvs/xenocara/app/xeyes/xeyes.c,v retrieving revision 1.5 diff -u -p -r1.5 xeyes.c --- xeyes.c 29 Aug 2021 17:50:32 -0000 1.5 +++ xeyes.c 8 Sep 2023 03:23:51 -0000 @@ -38,6 +38,8 @@ from the X Consortium. #include "Eyes.h" #include <stdio.h> #include <stdlib.h> +#include <unistd.h> +#include <err.h> #include "eyes.bit" #include "eyesmask.bit" @@ -111,6 +113,8 @@ main(int argc, char **argv) Arg arg[2]; Cardinal i; + if(pledge("stdio rpath unix prot_exec", NULL) == -1) + err(1, "pledge"); XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL); toplevel = XtAppInitialize(&app_context, "XEyes",
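Review bot: The promise string in the main() hunk has "unix" but no "inet" or "dns", and the call sits before XtAppInitialize, so the display connection is opened under it. A display reached over TCP rather than a local socket (for example a forwarded display such as localhost:10.0) falls outside what "unix" permits, so please test that case or state the limitation in the commit message. The same set then stays in force for the rest of the run, so it is also worth checking whether "rpath" and "prot_exec" are still needed once initialization has finished; if they are not, a second, narrower pledge call after XtAppInitialize would drop them. Style: KNF puts a space after the keyword, `if (pledge(...) == -1)`.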