Michael McConville wrote: > This works for me. It unconditionally vforks at some point so, unlike > grep, it needs proc. Also, the --pager flag lets the user specify a > pager to display the output in, so it needs exec in that case.
And bump REVISION, of course. :-) I'm going to look into whether we can safely place pledge after the vfork. > Index: patches/patch-src_options_c > =================================================================== > RCS file: patches/patch-src_options_c > diff -N patches/patch-src_options_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_options_c 16 Jan 2016 21:01:58 -0000 > @@ -0,0 +1,17 @@ > +$OpenBSD$ > +--- src/options.c.orig Sun Sep 6 02:20:35 2015 > ++++ src/options.c Sat Jan 16 15:52:17 2016 > +@@ -543,6 +543,13 @@ void parse_options(int argc, char **argv, char **base_ > + } > + } > + > ++ if (opts.pager == NULL) { > ++ if (pledge("stdio rpath proc", NULL) == -1) > ++ err(2, "pledge"); > ++ } else { > ++ if (pledge("stdio rpath proc exec", NULL) == -1) > ++ err(2, "pledge"); > ++ } > + > + if (ext_index[0]) { > + num_exts = combine_file_extensions(ext_index, lang_num, > &extensions); >