From: kn <kn@openbsd.org>
Date: Sun, 15 Oct 2023 09:49:57 +0000 (+0000)
Subject: Pledge once with or without "proc exec", not twice
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=942b9b291450fcd6636bff0c7fac349e9a974909;p=openbsd

Pledge once with or without "proc exec", not twice

Spotted while comparing ktraces between 'tar -z' and 'gzcat | tar -f-'.

Only the former runs, e.g. gzip(1), but the latter also pledges theses promises
just to pledge again immediately afterwards without them.

Make the calls mutually exclusive so 'tar -f-' et al. skip the first pledge
and thus never have "proc exec" to begin wth.

"looks good to me" mbuhl
OK millert
---

diff --git a/bin/pax/pax.c b/bin/pax/pax.c
index cd5fcd69021..f86ba6d7ceb 100644
--- a/bin/pax/pax.c
+++ b/bin/pax/pax.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pax.c,v 1.54 2023/07/05 18:45:14 guenther Exp $	*/
+/*	$OpenBSD: pax.c,v 1.55 2023/10/15 09:49:57 kn Exp $	*/
 /*	$NetBSD: pax.c,v 1.5 1996/03/26 23:54:20 mrg Exp $	*/
 
 /*-
@@ -271,15 +271,15 @@ main(int argc, char **argv)
 	 * so can't pledge at all then.
 	 */
 	if (pmode == 0 || (act != EXTRACT && act != COPY)) {
-		if (pledge("stdio rpath wpath cpath fattr dpath getpw proc exec tape",
-		    NULL) == -1)
-			err(1, "pledge");
-
 		/* Copy mode, or no gzip -- don't need to fork/exec. */
 		if (gzip_program == NULL || act == COPY) {
 			if (pledge("stdio rpath wpath cpath fattr dpath getpw tape",
 			    NULL) == -1)
 				err(1, "pledge");
+		} else {
+			if (pledge("stdio rpath wpath cpath fattr dpath getpw proc exec tape",
+			    NULL) == -1)
+				err(1, "pledge");
 		}
 	}