The e, x, p, t and (undocumented) i commands all need to create/write files as they can cause it to automatically restore missing volumes in a multipart archive.
It calls flock() only when operating on a multipart archive where the last volume is missing and there is a recovery volume available and the archive is RAR3 not RAR5 (and when the moon is waning). We can't tell up front if an archive is missing a volume (or check the lunar phase) so it has to keep all those privs just in case. Even for testing an archive... getpwnam and friends are called if an archive created with the -ow flag set is being extracted with the -ow flag set. All commands can prompt for a password so tty is always needed. This does a worst-case pledge() to start with (before the command line input is fed into its unicode parser) and drops getpw later if -ow wasn't passed, and drops file writing privs for the l and v commands. -- Carlin Index: archivers/unrar/Makefile =================================================================== RCS file: /cvs/ports/archivers/unrar/Makefile,v retrieving revision 1.63 diff -u -p -u -r1.63 Makefile --- archivers/unrar/Makefile 12 Apr 2016 15:03:11 -0000 1.63 +++ archivers/unrar/Makefile 18 May 2016 11:52:24 -0000 @@ -13,6 +13,7 @@ PKGNAME= unrar-5.31 EPOCH= 1 DISTNAME= unrarsrc-5.3.11 CATEGORIES= archivers +REVISION= 0 HOMEPAGE= http://www.rarlab.com/ @@ -21,6 +22,7 @@ MAINTAINER= Christian Weisgerber <naddy@ # nonstandard PERMIT_PACKAGE_CDROM= Yes +# uses pledge() WANTLIB= c crypto m pthread stdc++ MASTER_SITES= ${HOMEPAGE}rar/ Index: archivers/unrar/patches/patch-cmddata_cpp =================================================================== RCS file: archivers/unrar/patches/patch-cmddata_cpp diff -N archivers/unrar/patches/patch-cmddata_cpp --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ archivers/unrar/patches/patch-cmddata_cpp 18 May 2016 11:52:24 -0000 
@@ -0,0 +1,31 @@ +$OpenBSD$ +--- cmddata.cpp.orig Mon Feb 8 20:39:15 2016 ++++ cmddata.cpp Wed May 18 23:39:20 2016 +@@ -1242,6 +1242,14 @@ void CommandData::ProcessCommand() + case 'T': + case 'I': + { ++#ifdef __OpenBSD__ ++ if (!ProcessOwners) { ++ if (pledge("stdio rpath wpath cpath fattr tty flock", NULL) == -1) { ++ fprintf(stderr, "pledge: %s\n", strerror(errno)); ++ exit(RARX_FATAL); ++ } ++ } ++#endif + CmdExtract Extract(this); + Extract.DoExtract(); + } +@@ -1249,6 +1257,12 @@ void CommandData::ProcessCommand() + #ifndef SILENT + case 'V': + case 'L': ++#ifdef __OpenBSD__ ++ if (pledge("stdio rpath tty", NULL) == -1) { ++ fprintf(stderr, "pledge: %s\n", strerror(errno)); ++ exit(RARX_FATAL); ++ } ++#endif + ListArchive(this); + break; + default: Index: archivers/unrar/patches/patch-rar_cpp =================================================================== RCS file: archivers/unrar/patches/patch-rar_cpp diff -N archivers/unrar/patches/patch-rar_cpp --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ archivers/unrar/patches/patch-rar_cpp 18 May 2016 11:52:24 -0000 @@ -0,0 +1,17 @@ +$OpenBSD$ +--- rar.cpp.orig Mon Feb 8 20:39:15 2016 ++++ rar.cpp Wed May 18 23:39:49 2016 +@@ -8,6 +8,13 @@ int main(int argc, char *argv[]) + setlocale(LC_ALL,""); + #endif + ++#ifdef __OpenBSD__ ++ if (pledge("stdio rpath cpath wpath fattr tty flock getpw", NULL) == -1) { ++ fprintf(stderr, "pledge: %s\n", strerror(errno)); ++ exit(RARX_FATAL); ++ } ++#endif ++ + InitConsole(); + ErrHandler.SetSignalHandlers(true); +
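Review bot: In the cmddata.cpp hunk at @@ -1242, the narrowing pledge in the 'T'/'I' case has no comment explaining why a test or extract run still keeps "wpath cpath fattr flock". The reason (a missing volume can be restored from a recovery volume, which is not known up front) is given only in the mail, so a one-line comment above the "if (!ProcessOwners)" block would keep someone from trimming those promises later. The promise list here is the rar.cpp list minus getpw but written in a different order ("wpath cpath" here, "cpath wpath" in rar.cpp); using the same order in both places makes it easier to confirm by eye that the second call only removes promises.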
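Review bot: In the cmddata.cpp hunk at @@ -1249, the block under case 'V'/'L' is the third copy in this patch of the same pledge / fprintf(stderr, "pledge: %s\n", strerror(errno)) / exit(RARX_FATAL) sequence. A small static helper that takes the promise string would leave one error path to maintain and shrink each call site to a single line inside its #ifdef __OpenBSD__ guard.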
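Review bot: In the rar.cpp hunk, the initial pledge() is inserted after the setlocale(LC_ALL,"") context line, so locale setup still runs before any promises are in force. If setlocale needs nothing beyond the listed set, the block could be the first statement in main() so that all of startup is covered. The hunk also adds no #include lines, so pledge(), strerror() and errno depend on headers rar.cpp already pulls in; it is worth confirming the build shows no implicit-declaration warnings for them.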