UPDATE: x11/st pledge()

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

UPDATE: x11/st pledge()

Juan Francisco Cantero Hurtado
If you're a regular user of st, let me know if this patch works for you
or not.

The patch was written by tb@.


Index: Makefile
===================================================================
RCS file: /var/cvs/ports/x11/st/Makefile,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile
--- Makefile 9 Oct 2016 18:47:49 -0000 1.13
+++ Makefile 28 Mar 2017 10:17:30 -0000
@@ -3,6 +3,7 @@
 COMMENT= simple X terminal
 
 DISTNAME= st-0.7
+REVISION= 0
 
 CATEGORIES= x11
 
@@ -13,6 +14,7 @@ MAINTAINER= Joerg Jung <[hidden email]
 # MIT/X Consortium License
 PERMIT_PACKAGE_CDROM= Yes
 
+# uses pledge()
 WANTLIB= c m util X11 Xft fontconfig freetype z
 
 MASTER_SITES= http://dl.suckless.org/st/
Index: patches/patch-config_mk
===================================================================
RCS file: /var/cvs/ports/x11/st/patches/patch-config_mk,v
retrieving revision 1.8
diff -u -p -r1.8 patch-config_mk
--- patches/patch-config_mk 9 Oct 2016 18:47:49 -0000 1.8
+++ patches/patch-config_mk 28 Mar 2017 10:27:29 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-config_mk,v 1.8 2016/10/09 18:47:49 czarkoff Exp $
---- config.mk.orig Sat Oct  8 21:48:48 2016
-+++ config.mk Sat Oct  8 21:50:30 2016
+--- config.mk.orig Thu Aug 11 16:25:58 2016
++++ config.mk Tue Mar 28 12:27:10 2017
 @@ -4,24 +4,21 @@ VERSION = 0.7
  # Customize below to fit your system
 
@@ -27,9 +27,10 @@ $OpenBSD: patch-config_mk,v 1.8 2016/10/
 +LIBS +!= pkg-config --libs fontconfig
 
  # flags
- CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
+-CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
 -CFLAGS += -g -std=c99 -pedantic -Wall -Wvariadic-macros -Os ${INCS} ${CPPFLAGS}
 -LDFLAGS += -g ${LIBS}
++CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600 -D_BSD_SOURCE
 +CFLAGS += -std=c99 ${INCS} ${CPPFLAGS}
 +LDFLAGS += ${LIBS}
 
Index: patches/patch-st_c
===================================================================
RCS file: patches/patch-st_c
diff -N patches/patch-st_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-st_c 28 Mar 2017 10:59:38 -0000
@@ -0,0 +1,48 @@
+$OpenBSD$
+--- st.c.orig Thu Aug 11 16:25:58 2016
++++ st.c Tue Mar 28 12:59:33 2017
+@@ -1328,6 +1328,10 @@ execsh(void)
+ const struct passwd *pw;
+ char buf[sizeof(long) * 8 + 1];
+
++ if (pledge("stdio proc exec getpw", NULL) == -1) {
++ die("pledge\n");
++ }
++
+ errno = 0;
+ if ((pw = getpwuid(getuid())) == NULL) {
+ if (errno)
+@@ -1336,6 +1340,10 @@ execsh(void)
+ die("who are you?\n");
+ }
+
++ if (pledge("stdio proc exec", NULL) == -1) {
++ die("pledge\n");
++ }
++
+ if ((sh = getenv("SHELL")) == NULL)
+ sh = (pw->pw_shell[0]) ? pw->pw_shell : shell;
+
+@@ -1457,6 +1465,8 @@ ttynew(void)
+ execsh();
+ break;
+ default:
++ if (pledge("stdio rpath wpath tty", NULL) == -1)
++ die("pledge\n");
+ close(s);
+ cmdfd = m;
+ signal(SIGCHLD, sigchld);
+@@ -4397,6 +4407,13 @@ run:
+ tnew(MAX(cols, 1), MAX(rows, 1));
+ xinit();
+ selinit();
++ if (!opt_io || !strcmp(opt_io, "-")) {
++ if (pledge("stdio rpath wpath getpw proc exec tty", NULL) == -1)
++ die("pledge\n");
++ } else {
++ if (pledge("stdio rpath wpath cpath getpw proc exec tty", NULL) == -1)
++ die("pledge\n");
++ }
+ run();
+
+ return 0;

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Gleydson Soares-3
Hi Juan,

> If you're a regular user of st, let me know if this patch works for you
> or not.
>
> The patch was written by tb@.

I've no comments about this patch itself, but it would be nice wrap
these pledge() calls with #ifdef __OpenBSD__ and try to get it merged
upstream, as net/ii and net/sic.

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Jeremie Courreges-Anglas-2
Gleydson Soares <[hidden email]> writes:

> Hi Juan,
>
>> If you're a regular user of st, let me know if this patch works for you
>> or not.
>>
>> The patch was written by tb@.
>
> I've no comments about this patch itself, but it would be nice wrap
> these pledge() calls with #ifdef __OpenBSD__ and try to get it merged
> upstream, as net/ii and net/sic.

*bzzzt*, wrong.  #ifdef __OpenBSD__ is a crappy solution.

If upstream has an autoconf-like mechanism, better wrap this in
#ifdef HAVE_PLEDGE statements.  If not, better keep local patches, at
least we can easily keep track of them.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Gleydson Soares-3
> If upstream has an autoconf-like mechanism, better wrap this in
> #ifdef HAVE_PLEDGE statements.  If not, better keep local patches, at
> least we can easily keep track of them.

sure, meanwhile we should also send it upstream and protecting these
calls by adding #ifdef is ok to make consistency with other suckless
tools. ii and sic pledge() patches have been merged:
http://git.suckless.org/ii/commit/?id=584290f2642eeacbe1b24e7174e49139d6787252
http://git.suckless.org/sic/commit/?id=9bb34de449c8f22d869a6f3794107ed25d37c7c1

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Jeremie Courreges-Anglas-2
Gleydson Soares <[hidden email]> writes:

>> If upstream has an autoconf-like mechanism, better wrap this in
>> #ifdef HAVE_PLEDGE statements.  If not, better keep local patches, at
>> least we can easily keep track of them.
>
> sure, meanwhile we should also send it upstream and protecting these
> calls by adding #ifdef is ok to make consistency with other suckless
> tools. ii and sic pledge() patches have been merged:
> http://git.suckless.org/ii/commit/?id=584290f2642eeacbe1b24e7174e49139d6787252
> http://git.suckless.org/sic/commit/?id=9bb34de449c8f22d869a6f3794107ed25d37c7c1

eww...

Making it consistent with existing bad practices is not a good thing.
People should check for features like "does this OS provide pledge?"
instead of dumb OS checks.  This really feels like the 80's.

The approach used in the commits above is just this, bad practices, and
I don't feel like we should encourage it by sending similar patches.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Juan Francisco Cantero Hurtado
On Wed, Mar 29, 2017 at 03:05:51AM +0200, Jeremie Courreges-Anglas wrote:

> Gleydson Soares <[hidden email]> writes:
>
> >> If upstream has an autoconf-like mechanism, better wrap this in
> >> #ifdef HAVE_PLEDGE statements.  If not, better keep local patches, at
> >> least we can easily keep track of them.
> >
> > sure, meanwhile we should also send it upstream and protecting these
> > calls by adding #ifdef is ok to make consistency with other suckless
> > tools. ii and sic pledge() patches have been merged:
> > http://git.suckless.org/ii/commit/?id=584290f2642eeacbe1b24e7174e49139d6787252
> > http://git.suckless.org/sic/commit/?id=9bb34de449c8f22d869a6f3794107ed25d37c7c1
>
> eww...
>
> Making it consistent with existing bad practices is not a good thing.
> People should check for features like "does this OS provide pledge?"
> instead of dumb OS checks.  This really feels like the 80's.

You need rebuild the package just to change the terminal colors. I guess
that asking for a configure script is a lot for them :P

>
> The approach used in the commits above is just this, bad practices, and
> I don't feel like we should encourage it by sending similar patches.
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
>

--
Juan Francisco Cantero Hurtado http://juanfra.info

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Sebastien Marie-3
In reply to this post by Juan Francisco Cantero Hurtado
On Wed, Mar 29, 2017 at 12:57:03AM +0200, Juan Francisco Cantero Hurtado wrote:
> If you're a regular user of st, let me know if this patch works for you
> or not.
>
> The patch was written by tb@.

I want just to share my feeling about the diff: too many pledge() calls.

st is a terminal emulator, not a security program like doas(1).

In general case, having one or two pledge() call should be enough. Else
it could means it is pledged too early or the program is too complex
(and/or not pledgeable).

I am not saying the pledge calls are wrong, just it looks
over-engineering.

--
Sebastien Marie

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Juan Francisco Cantero Hurtado
In reply to this post by Juan Francisco Cantero Hurtado
New patch by tb@ and semarie@.


Index: Makefile
===================================================================
RCS file: /var/cvs/ports/x11/st/Makefile,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile
--- Makefile 9 Oct 2016 18:47:49 -0000 1.13
+++ Makefile 28 Mar 2017 10:17:30 -0000
@@ -3,6 +3,7 @@
 COMMENT= simple X terminal
 
 DISTNAME= st-0.7
+REVISION= 0
 
 CATEGORIES= x11
 
@@ -13,6 +14,7 @@ MAINTAINER= Joerg Jung <[hidden email]
 # MIT/X Consortium License
 PERMIT_PACKAGE_CDROM= Yes
 
+# uses pledge()
 WANTLIB= c m util X11 Xft fontconfig freetype z
 
 MASTER_SITES= http://dl.suckless.org/st/
Index: patches/patch-config_mk
===================================================================
RCS file: /var/cvs/ports/x11/st/patches/patch-config_mk,v
retrieving revision 1.8
diff -u -p -r1.8 patch-config_mk
--- patches/patch-config_mk 9 Oct 2016 18:47:49 -0000 1.8
+++ patches/patch-config_mk 28 Mar 2017 10:27:29 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-config_mk,v 1.8 2016/10/09 18:47:49 czarkoff Exp $
---- config.mk.orig Sat Oct  8 21:48:48 2016
-+++ config.mk Sat Oct  8 21:50:30 2016
+--- config.mk.orig Thu Aug 11 16:25:58 2016
++++ config.mk Tue Mar 28 12:27:10 2017
 @@ -4,24 +4,21 @@ VERSION = 0.7
  # Customize below to fit your system
 
@@ -27,9 +27,10 @@ $OpenBSD: patch-config_mk,v 1.8 2016/10/
 +LIBS +!= pkg-config --libs fontconfig
 
  # flags
- CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
+-CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
 -CFLAGS += -g -std=c99 -pedantic -Wall -Wvariadic-macros -Os ${INCS} ${CPPFLAGS}
 -LDFLAGS += -g ${LIBS}
++CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600 -D_BSD_SOURCE
 +CFLAGS += -std=c99 ${INCS} ${CPPFLAGS}
 +LDFLAGS += ${LIBS}
 
Index: patches/patch-st_c
===================================================================
RCS file: patches/patch-st_c
diff -N patches/patch-st_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-st_c 29 Mar 2017 12:21:05 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+--- st.c.orig Thu Aug 11 16:25:58 2016
++++ st.c Wed Mar 29 14:20:44 2017
+@@ -1454,9 +1454,15 @@ ttynew(void)
+ die("ioctl TIOCSCTTY failed: %s\n", strerror(errno));
+ close(s);
+ close(m);
++
++ if (pledge("stdio getpw proc exec", NULL) == -1)
++ die("pledge\n");
++
+ execsh();
+ break;
+ default:
++ if (pledge("stdio rpath tty", NULL) == -1)
++ die("pledge\n");
+ close(s);
+ cmdfd = m;
+ signal(SIGCHLD, sigchld);

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Joerg Jung
In reply to this post by Jeremie Courreges-Anglas-2


> Am 29.03.2017 um 03:05 schrieb Jeremie Courreges-Anglas <[hidden email]>:
>
> Gleydson Soares <[hidden email]> writes:
>
>>> If upstream has an autoconf-like mechanism, better wrap this in
>>> #ifdef HAVE_PLEDGE statements.  If not, better keep local patches, at
>>> least we can easily keep track of them.
>>
>> sure, meanwhile we should also send it upstream and protecting these
>> calls by adding #ifdef is ok to make consistency with other suckless
>> tools. ii and sic pledge() patches have been merged:
>> http://git.suckless.org/ii/commit/?id=584290f2642eeacbe1b24e7174e49139d6787252
>> http://git.suckless.org/sic/commit/?id=9bb34de449c8f22d869a6f3794107ed25d37c7c1
>
> eww...
>
> Making it consistent with existing bad practices is not a good thing.
> People should check for features like "does this OS provide pledge?"
> instead of dumb OS checks.  This really feels like the 80's.

suckless.org community is different. They seem to like the 80s ;)
They will likely never add any automatic feature checks.

> The approach used in the commits above is just this, bad practices, and
> I don't feel like we should encourage it by sending similar patches.

This is ports not base. Upstream has the right to decide on coding style
and practice. Spreading wider usage of pledge() is a good thing, IMHO.

> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
>

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Joerg Jung
In reply to this post by Juan Francisco Cantero Hurtado

> Am 29.03.2017 um 22:07 schrieb Juan Francisco Cantero Hurtado <[hidden email]>:
>
> New patch by tb@ and semarie@.

Diff and patch looks good to me. So ok jung@

However, this should be submitted to upstream;
and yes, they will likely just wrap the patch in #ifdef's

>
> Index: Makefile
> ===================================================================
> RCS file: /var/cvs/ports/x11/st/Makefile,v
> retrieving revision 1.13
> diff -u -p -r1.13 Makefile
> --- Makefile    9 Oct 2016 18:47:49 -0000    1.13
> +++ Makefile    28 Mar 2017 10:17:30 -0000
> @@ -3,6 +3,7 @@
> COMMENT=        simple X terminal
>
> DISTNAME=        st-0.7
> +REVISION=        0
>
> CATEGORIES=        x11
>
> @@ -13,6 +14,7 @@ MAINTAINER=        Joerg Jung <[hidden email]
> # MIT/X Consortium License
> PERMIT_PACKAGE_CDROM=    Yes
>
> +# uses pledge()
> WANTLIB=        c m util X11 Xft fontconfig freetype z
>
> MASTER_SITES=        http://dl.suckless.org/st/
> Index: patches/patch-config_mk
> ===================================================================
> RCS file: /var/cvs/ports/x11/st/patches/patch-config_mk,v
> retrieving revision 1.8
> diff -u -p -r1.8 patch-config_mk
> --- patches/patch-config_mk    9 Oct 2016 18:47:49 -0000    1.8
> +++ patches/patch-config_mk    28 Mar 2017 10:27:29 -0000
> @@ -1,6 +1,6 @@
> $OpenBSD: patch-config_mk,v 1.8 2016/10/09 18:47:49 czarkoff Exp $
> ---- config.mk.orig    Sat Oct  8 21:48:48 2016
> -+++ config.mk    Sat Oct  8 21:50:30 2016
> +--- config.mk.orig    Thu Aug 11 16:25:58 2016
> ++++ config.mk    Tue Mar 28 12:27:10 2017
> @@ -4,24 +4,21 @@ VERSION = 0.7
>  # Customize below to fit your system
>
> @@ -27,9 +27,10 @@ $OpenBSD: patch-config_mk,v 1.8 2016/10/
> +LIBS +!= pkg-config --libs fontconfig
>
>  # flags
> - CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
> +-CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
> -CFLAGS += -g -std=c99 -pedantic -Wall -Wvariadic-macros -Os ${INCS} ${CPPFLAGS}
> -LDFLAGS += -g ${LIBS}
> ++CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600 -D_BSD_SOURCE
> +CFLAGS += -std=c99 ${INCS} ${CPPFLAGS}
> +LDFLAGS += ${LIBS}
>
> Index: patches/patch-st_c
> ===================================================================
> RCS file: patches/patch-st_c
> diff -N patches/patch-st_c
> --- /dev/null    1 Jan 1970 00:00:00 -0000
> +++ patches/patch-st_c    29 Mar 2017 12:21:05 -0000
> @@ -0,0 +1,19 @@
> +$OpenBSD$
> +--- st.c.orig    Thu Aug 11 16:25:58 2016
> ++++ st.c    Wed Mar 29 14:20:44 2017
> +@@ -1454,9 +1454,15 @@ ttynew(void)
> +            die("ioctl TIOCSCTTY failed: %s\n", strerror(errno));
> +        close(s);
> +        close(m);
> ++
> ++        if (pledge("stdio getpw proc exec", NULL) == -1)
> ++            die("pledge\n");
> ++
> +        execsh();
> +        break;
> +    default:
> ++        if (pledge("stdio rpath tty", NULL) == -1)
> ++            die("pledge\n");
> +        close(s);
> +        cmdfd = m;
> +        signal(SIGCHLD, sigchld);

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Joerg Jung


> Am 30.03.2017 um 13:00 schrieb Joerg Jung <[hidden email]>:
>
>
>> Am 29.03.2017 um 22:07 schrieb Juan Francisco Cantero Hurtado <[hidden email]>:
>>
>> New patch by tb@ and semarie@.
>
> Diff and patch looks good to me. So ok jung@

...for after lock of course

> However, this should be submitted to upstream;
> and yes, they will likely just wrap the patch in #ifdef's
>
>>
>> Index: Makefile
>> ===================================================================
>> RCS file: /var/cvs/ports/x11/st/Makefile,v
>> retrieving revision 1.13
>> diff -u -p -r1.13 Makefile
>> --- Makefile    9 Oct 2016 18:47:49 -0000    1.13
>> +++ Makefile    28 Mar 2017 10:17:30 -0000
>> @@ -3,6 +3,7 @@
>> COMMENT=        simple X terminal
>>
>> DISTNAME=        st-0.7
>> +REVISION=        0
>>
>> CATEGORIES=        x11
>>
>> @@ -13,6 +14,7 @@ MAINTAINER=        Joerg Jung <[hidden email]
>> # MIT/X Consortium License
>> PERMIT_PACKAGE_CDROM=    Yes
>>
>> +# uses pledge()
>> WANTLIB=        c m util X11 Xft fontconfig freetype z
>>
>> MASTER_SITES=        http://dl.suckless.org/st/
>> Index: patches/patch-config_mk
>> ===================================================================
>> RCS file: /var/cvs/ports/x11/st/patches/patch-config_mk,v
>> retrieving revision 1.8
>> diff -u -p -r1.8 patch-config_mk
>> --- patches/patch-config_mk    9 Oct 2016 18:47:49 -0000    1.8
>> +++ patches/patch-config_mk    28 Mar 2017 10:27:29 -0000
>> @@ -1,6 +1,6 @@
>> $OpenBSD: patch-config_mk,v 1.8 2016/10/09 18:47:49 czarkoff Exp $
>> ---- config.mk.orig    Sat Oct  8 21:48:48 2016
>> -+++ config.mk    Sat Oct  8 21:50:30 2016
>> +--- config.mk.orig    Thu Aug 11 16:25:58 2016
>> ++++ config.mk    Tue Mar 28 12:27:10 2017
>> @@ -4,24 +4,21 @@ VERSION = 0.7
>> # Customize below to fit your system
>>
>> @@ -27,9 +27,10 @@ $OpenBSD: patch-config_mk,v 1.8 2016/10/
>> +LIBS +!= pkg-config --libs fontconfig
>>
>> # flags
>> - CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
>> +-CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600
>> -CFLAGS += -g -std=c99 -pedantic -Wall -Wvariadic-macros -Os ${INCS} ${CPPFLAGS}
>> -LDFLAGS += -g ${LIBS}
>> ++CPPFLAGS = -DVERSION=\"${VERSION}\" -D_XOPEN_SOURCE=600 -D_BSD_SOURCE
>> +CFLAGS += -std=c99 ${INCS} ${CPPFLAGS}
>> +LDFLAGS += ${LIBS}
>>
>> Index: patches/patch-st_c
>> ===================================================================
>> RCS file: patches/patch-st_c
>> diff -N patches/patch-st_c
>> --- /dev/null    1 Jan 1970 00:00:00 -0000
>> +++ patches/patch-st_c    29 Mar 2017 12:21:05 -0000
>> @@ -0,0 +1,19 @@
>> +$OpenBSD$
>> +--- st.c.orig    Thu Aug 11 16:25:58 2016
>> ++++ st.c    Wed Mar 29 14:20:44 2017
>> +@@ -1454,9 +1454,15 @@ ttynew(void)
>> +            die("ioctl TIOCSCTTY failed: %s\n", strerror(errno));
>> +        close(s);
>> +        close(m);
>> ++
>> ++        if (pledge("stdio getpw proc exec", NULL) == -1)
>> ++            die("pledge\n");
>> ++
>> +        execsh();
>> +        break;
>> +    default:
>> ++        if (pledge("stdio rpath tty", NULL) == -1)
>> ++            die("pledge\n");
>> +        close(s);
>> +        cmdfd = m;
>> +        signal(SIGCHLD, sigchld);

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Gleydson Soares-3
In reply to this post by Joerg Jung
> However, this should be submitted to upstream;
> and yes, they will likely just wrap the patch in #ifdef's

Absolutely agreed!

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Jeremie Courreges-Anglas-2
In reply to this post by Joerg Jung
Joerg Jung <[hidden email]> writes:

>> Am 29.03.2017 um 03:05 schrieb Jeremie Courreges-Anglas <[hidden email]>:
>>
>> Gleydson Soares <[hidden email]> writes:
>>
>>>> If upstream has an autoconf-like mechanism, better wrap this in
>>>> #ifdef HAVE_PLEDGE statements.  If not, better keep local patches, at
>>>> least we can easily keep track of them.
>>>
>>> sure, meanwhile we should also send it upstream and protecting these
>>> calls by adding #ifdef is ok to make consistency with other suckless
>>> tools. ii and sic pledge() patches have been merged:
>>> http://git.suckless.org/ii/commit/?id=584290f2642eeacbe1b24e7174e49139d6787252
>>> http://git.suckless.org/sic/commit/?id=9bb34de449c8f22d869a6f3794107ed25d37c7c1
>>
>> eww...
>>
>> Making it consistent with existing bad practices is not a good thing.
>> People should check for features like "does this OS provide pledge?"
>> instead of dumb OS checks.  This really feels like the 80's.
>
> suckless.org community is different. They seem to like the 80s ;)
> They will likely never add any automatic feature checks.
>
>> The approach used in the commits above is just this, bad practices, and
>> I don't feel like we should encourage it by sending similar patches.
>
> This is ports not base. Upstream has the right to decide on coding style
> and practice. Spreading wider usage of pledge() is a good thing, IMHO.

Fine, I'll just stop caring about suckless projects.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: x11/st pledge()

Sebastien Marie-3
In reply to this post by Joerg Jung
On Thu, Mar 30, 2017 at 12:58:15PM +0200, Joerg Jung wrote:
>
> This is ports not base. Upstream has the right to decide on coding style
> and practice. Spreading wider usage of pledge() is a good thing, IMHO.
>

So I hope someone will tell them that pledge(2) exists on other system
than OpenBSD: Bitrig has it too.

--
Sebastien Marie