Hi,

I was wondering what are the views on having the pledge(2) promise assembled (in a 3rd party app). Scanning through base and ports, I could only find pledge(2) promises as constant string argument. I did assume that it's the safest way to make sure that the promise can't be fiddled with.

Since the app (Chrony) was not designed with pledge in mind, if became more readable to assemble the promise string like:

(https://gitlab.com/chrony/chrony/-/commit/0ea7607358cc)
--- upstream commit 0ea76073 ---

  if (snprintf(promises, sizeof (promises), "stdio%s%s%s%s",
               needs_main_misc ? " rpath wpath cpath inet unix dns" : "",
               needs_recvfd ? " recvfd" : "",
               needs_sendfd ? " sendfd" : "",
               needs_settime ? " settime" : "") >= sizeof (promises))
    assert(0);

  DEBUG_LOG("Pledging: %s", promises);

  if (pledge(promises, NULL) < 0)
    LOG_FATAL("pledge() failed");

---

Originally I stuck to the constant strings and Miroslav optimized it after another change would have resulted in more complex if/else constructs.

Reply via email to