On Thu, Sep 07, 2023 at 11:30:11PM -0400, Thomas Frohwein wrote: > Very basic pledge(2) for the whole program. I didn't dive too much into > the details and maybe this can be refined some more. This is kind of a > product of me trying a tool I made `abstain` [1] for usefulness of > pledge(2) execpromises and it helped quickly find that xeyes(1) can run > with a very limited set of promises. I tested all permutations of > running xeyes(1) that are listed in the man page and none of them break > with this configuration. > > ok to add? > > [1] https://github.com/rfht/abstain > > Index: xeyes.c > =================================================================== > RCS file: /cvs/xenocara/app/xeyes/xeyes.c,v > retrieving revision 1.5 > diff -u -p -r1.5 xeyes.c > --- xeyes.c 29 Aug 2021 17:50:32 -0000 1.5 > +++ xeyes.c 8 Sep 2023 03:23:51 -0000 > @@ -38,6 +38,8 @@ from the X Consortium. > #include "Eyes.h" > #include <stdio.h> > #include <stdlib.h> > +#include <unistd.h> > +#include <err.h> > #include "eyes.bit" > #include "eyesmask.bit" > > @@ -111,6 +113,8 @@ main(int argc, char **argv) > Arg arg[2]; > Cardinal i; > > + if(pledge("stdio rpath unix prot_exec", NULL) == -1) > + err(1, "pledge");
Why is prot_exec needed here? > XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL); > > toplevel = XtAppInitialize(&app_context, "XEyes", -Bryan.
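Review bot: in the main() hunk the single pledge("stdio rpath unix prot_exec", NULL) call sits before XtAppInitialize(), so promises that may only be needed to open the display stay granted for the life of the process, and nothing in the hunk documents what requires each promise. A short comment per promise would help, prot_exec in particular, and it is worth testing whether a second, narrower pledge() after the toplevel widget is created still lets every mode run. The string has unix but neither inet nor dns, so please confirm the behaviour when DISPLAY names a display reached over TCP (for example an ssh-forwarded one) rather than a local socket. Style nit: style(9) puts a space after the keyword, so if (pledge(...) == -1) rather than if(pledge(...) == -1).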