On Sun, Oct 08, 2017 at 02:43:48AM -0700, Ori Bernstein wrote:
> And pax, because I can
>
> ============
>
>
> diff --git bin/pax/ar_io.c bin/pax/ar_io.c
> index 40a6492405e..ce53a9ae51b 100644
> --- bin/pax/ar_io.c
> +++ bin/pax/ar_io.c
> @@ -1281,6 +1281,11 @@ ar_start_gzip(int fd, const char *path, int wr)
> /* System compressors are more likely to use pledge(2) */
> putenv("PATH=/usr/bin:/usr/local/bin");
>
> + /* Restrict them to sane pledges */
> + if (pledge(NULL, "stdio rpath wpath cpath fattr chown "
> + "prot_exec") == -1)
> + err(1, "pledge");
> +
The pledge(2) arguments are passed in the wrong order here I think.
pledge(NULL, ...) to pledge(..., NULL).
> if (execlp(path, path, gzip_flags, (char *)NULL) < 0)
> err(1, "could not exec %s", path);
> /* NOTREACHED */
>
--
Kind regards,
Hiltjo
