On Sat, Oct 29 2022, Mikhail <mp39...@gmail.com> wrote:
> On Sat, Oct 29, 2022 at 09:43:28AM +0100, Stuart Henderson wrote:
>> On 2022/10/29 11:02, Mikhail wrote:
>> > On Sat, Oct 29, 2022 at 09:37:08AM +0200, Omar Polo wrote:
>> > >
>> > > Port-wise, the only thing that needs to be adjusted is CFLAGS, as
>> > > it uses the hardcoded ones '-O2 -pipe -Werror' and not the ones
>> > > provided by the port infrastructure; it's very easy to fix:
>> >
>> > Fixed, new archive attached, also the diff between vanilla and this
>> > ministat.c:
>>
>> imho it would be better for the distfile to be exactly the standard
>> FreeBSD version, then apply any changes by patching it in the port
>
> Such way it looks cleaner indeed. Distfile updated, new archive
> attached.

tl;dr: the pledge(2) promises look reasonable to me.

While I initially found that three pledge(2) calls were too much, I must admit that all of them tighten the program execution before looking at untrusted data. For the first pledge(2) call, one could argue that the program environment is hardly untrusted data, but past problems like shellshock have proved this assumption wrong. The second pledge(2) call is the least useful IMO, since it only drops "tty" before reading data from files. But I feel strongly about dropping it.

As suspected, ministat fails to build on sparc64 (base-gcc) because it uses math.h functions but doesn't link against libm. Thanks kmos@ for confirming, suggesting the fix and testing it!

This looks ready to import. ok?

-- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE