Michael McConville wrote:
> This works for me. It unconditionally vforks at some point so, unlike
> grep, it needs proc. Also, the --pager flag lets the user specify a
> pager to display the output in, so it needs exec in that case.
And bump REVISION, of course. :-)
I'm going to look into whether we can safely place pledge after the
vfork.
> Index: patches/patch-src_options_c
> ===================================================================
> RCS file: patches/patch-src_options_c
> diff -N patches/patch-src_options_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_options_c 16 Jan 2016 21:01:58 -0000
> @@ -0,0 +1,17 @@
> +$OpenBSD$
> +--- src/options.c.orig Sun Sep 6 02:20:35 2015
> ++++ src/options.c Sat Jan 16 15:52:17 2016
> +@@ -543,6 +543,13 @@ void parse_options(int argc, char **argv, char **base_
> + }
> + }
> +
> ++ if (opts.pager == NULL) {
> ++ if (pledge("stdio rpath proc", NULL) == -1)
> ++ err(2, "pledge");
> ++ } else {
> ++ if (pledge("stdio rpath proc exec", NULL) == -1)
> ++ err(2, "pledge");
> ++ }
> +
> + if (ext_index[0]) {
> + num_exts = combine_file_extensions(ext_index, lang_num,
> &extensions);
>
