That diff is completely wrong. The addition of "prot_exec" to a pledge should result in some significant questions.
You can't pledge a program if you don't understand what it is doing, and why. Misapplication of pledge like this will result in a nightmare. > On Sun, Nov 22, 2015 at 12:38:22PM -0500, trondd wrote: > > ...And I meant for this to go to ports. Sorry. > > > > ---------------------------- Original Message ---------------------------- > > Subject: [PATCH] pledge x11/wmii (and other ports?) > > From: tro...@kagu-tsuchi.com > > Date: Sun, November 22, 2015 12:24 pm > > To: m...@openbsd.org > > -------------------------------------------------------------------------- > > > > I haven't seen much discussion about applying pledge to ports, so I > > thought I'd > > find out how people feel about it. > > I like it. > > > I chose to start with x11/wmii because > > a) It's no longer officially developed so (other than updating the port to > > the > > last release) it's not going to change. > > b) I might be the only one left who uses it. > > Yes. I'm pretty sure you are ;) > > However, I would consider github sunaku/wmii the "new" upstream, so > maybe try to push the patches there as and gently ask for release. > > > I've been running it pledged since it was tame. > > > > I can see downsides to this such as, ports maintainers not necessarily being > > involved in the development of the port and having a lower understanding > > of the > > code as compared to OBSD developers with base code, or not having the > > ability > > to reorganize or change the code in a way that improves it for pledge. > > > > Tim. > > > > > > Index: Makefile > > =================================================================== > > RCS file: /cvs/ports/x11/wmii/Makefile,v > > retrieving revision 1.21 > > diff -u -p -r1.21 Makefile > > --- Makefile 12 Nov 2015 09:59:41 -0000 1.21 > > +++ Makefile 20 Nov 2015 22:33:36 -0000 > > @@ -3,7 +3,7 @@ > > COMMENT= dynamic window manager > > DISTNAME= wmii-3.6 > > -REVISION= 6 > > +REVISION= 7 > > CATEGORIES= x11 > > HOMEPAGE= http://wmii.suckless.org/ > > cvs server: Diffing patches > > Index: patches/patch-cmd_wmii_main_c > > =================================================================== > > RCS file: patches/patch-cmd_wmii_main_c > > diff -N patches/patch-cmd_wmii_main_c > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ patches/patch-cmd_wmii_main_c 20 Nov 2015 22:33:36 -0000 @@ -0,0 > > +1,13 @@ > > +$OpenBSD$ > > +--- cmd/wmii/main.c.orig Sun Oct 18 15:10:20 2015 > > ++++ cmd/wmii/main.c Sun Oct 18 15:10:33 2015 > > +@@ -408,6 +408,9 @@ main(int argc, char *argv[]) { > > + WinAttr wa; > > + int i; > > + > > ++ if (pledge("stdio rpath cpath fattr unix proc exec prot_exec", > > NULL) == -1) > > ++ err(1, "pledge"); > > ++ > > + fmtinstall('r', errfmt); > > + fmtinstall('C', Cfmt); > > + > > Index: patches/patch-cmd_wmiir_c > > =================================================================== > > RCS file: patches/patch-cmd_wmiir_c > > diff -N patches/patch-cmd_wmiir_c > > --- /dev/null 1 Jan 1970 00:00:00 -0000 > > +++ patches/patch-cmd_wmiir_c 20 Nov 2015 22:33:36 -0000 > > @@ -0,0 +1,13 @@ > > +$OpenBSD$ > > +--- cmd/wmiir.c.orig Sun Oct 18 15:09:57 2015 > > ++++ cmd/wmiir.c Sun Oct 18 15:10:44 2015 > > +@@ -312,6 +312,9 @@ main(int argc, char *argv[]) { > > + exectab *tab; > > + int ret; > > + > > ++ if (pledge("stdio unix", NULL) == -1) > > ++ err(1, "pledge"); > > ++ > > + fmtinstall('r', errfmt); > > + > > + address = getenv("WMII_ADDRESS"); > > > > >
