All programs except mshow have a very tight set of promises. mshow
has a broad set of promises and might be a good future candidate
to further restrict using unveil(2).
This patch is based on commit 0300a112 by Alex Holst (dated
2017-12-07), which was proposed in GH PR #79.
* pledged mpick, mflow and mdate so that now all programs are pledged
* removed some unneeded promises and added some missing promises
* move err.h include and OpenBSD ifdef into a new xpledge.h
* cleaned up code aligning and whitespace
Closes: #179 [via git-merge-pr]
We one-time-pad the timestamp with a random key instead.
This will provide enough entropy to be unique, but not leak the system date.
Even with a bad RNG state it should guarantee uniqueness, however.
Fixes#17.
Nanosecond precision wasn't needed, and many legacy operating systems
don't support this POSIX.1-2001 function.
We now use plain microseconds for the timestamp, which uses the range of
the 64-bit number better as well. This will result in a Year 294247 problem.
