Michael McConville wrote: > Florian Stinglmayr wrote: > > On Sat, Jan 16, 2016 at 04:09:20PM -0500, Michael McConville wrote: > > > This works for me. It unconditionally vforks at some point so, unlike > > > grep, it needs proc. Also, the --pager flag lets the user specify a > > > pager to display the output in, so it needs exec in that case. > > > > > > > > > > Thanks a lot. Here is one with revision bump: > > > > I will test this but so far it seems to work. > > Here's a second draft with a few changes: > > o wait a few lines (until after popening the pager) so that we can > unconditionally drop exec > > o it seems that the vfork was from pthread_create, so drop proc after > we call that > > Does that make sense? This is my first time pledging something from > scratch.
tb@ pointed out a mistake: my second pledge was within the pthread creation loop. It should still work that way because repledging the same promise set is legal. It's also unnecessary, though. New patch: Index: Makefile =================================================================== RCS file: /cvs/ports/textproc/the_silver_searcher/Makefile,v retrieving revision 1.19 diff -u -p -r1.19 Makefile --- Makefile 9 Oct 2015 12:48:22 -0000 1.19 +++ Makefile 17 Jan 2016 01:07:40 -0000 @@ -3,6 +3,7 @@ COMMENT = code searching tool, with a focus on speed (ag) DISTNAME = the_silver_searcher-0.31.0 +REVISION = 0 CATEGORIES = textproc HOMEPAGE = https://github.com/ggreer/the_silver_searcher Index: patches/patch-src_main_c =================================================================== RCS file: patches/patch-src_main_c diff -N patches/patch-src_main_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_main_c 17 Jan 2016 01:07:40 -0000 @@ -0,0 +1,19 @@ +$OpenBSD$ +--- src/main.c.orig Sun Sep 6 00:29:27 2015 ++++ src/main.c Sat Jan 16 20:02:25 2016 +@@ -1,3 +1,4 @@ ++#include <err.h> + #include <pcre.h> + #include <stdarg.h> + #include <stdio.h> +@@ -156,6 +157,10 @@ int main(int argc, char **argv) { + log_debug("No CPU affinity support."); + #endif + } ++ ++ if (pledge("stdio rpath", NULL) == -1) ++ err(2, "pledge"); ++ + for (i = 0; paths[i] != NULL; i++) { + log_debug("searching path %s for %s", paths[i], opts.query); + symhash = NULL; Index: patches/patch-src_options_c =================================================================== RCS file: patches/patch-src_options_c diff -N patches/patch-src_options_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_options_c 17 Jan 2016 01:07:40 -0000 @@ -0,0 +1,18 @@ +$OpenBSD$ +--- src/options.c.orig Sun Sep 6 02:20:35 2015 ++++ src/options.c Sat Jan 16 18:40:21 2016 +@@ -1,3 +1,4 @@ ++#include <err.h> + #include <errno.h> + #include <limits.h> + #include <stdarg.h> +@@ -573,6 +574,9 @@ void parse_options(int argc, char **argv, char **base_ + exit(1); + } + } ++ ++ if (pledge("stdio rpath proc", NULL) == -1) ++ err(2, "pledge"); + + if (help) { + usage();
