From: semarie <semarie@openbsd.org>
Date: Mon, 12 Oct 2015 14:01:06 +0000 (+0000)
Subject: reenable pledge(2) on pax, but only if pmode isn't in use or if action
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=cedca710b9567758e7aea9edb521097119150f73;p=openbsd

reenable pledge(2) on pax, but only if pmode isn't in use or if action
shouldn't do things with filesystem.

ok deraadt@ millert@
---

diff --git a/bin/pax/ar_io.c b/bin/pax/ar_io.c
index 0b22757ba73..8db2332e0fd 100644
--- a/bin/pax/ar_io.c
+++ b/bin/pax/ar_io.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ar_io.c,v 1.52 2015/10/12 09:28:54 semarie Exp $	*/
+/*	$OpenBSD: ar_io.c,v 1.53 2015/10/12 14:01:06 semarie Exp $	*/
 /*	$NetBSD: ar_io.c,v 1.5 1996/03/26 23:54:13 mrg Exp $	*/
 
 /*-
@@ -1261,11 +1261,11 @@ ar_start_gzip(int fd, const char *path, int wr)
 		close(fds[0]);
 		close(fds[1]);
 
-#if 0
-		if (pledge("stdio rpath wpath cpath fattr getpw ioctl proc",
-		    NULL) == -1)
-			err(1, "pledge");
-#endif
+		if (pmode == 0 || (act != EXTRACT && act != COPY)) {
+		    if (pledge("stdio rpath wpath cpath fattr getpw ioctl proc",
+			NULL) == -1)
+				err(1, "pledge");
+		}
 	} else {
 		if (wr) {
 			dup2(fds[0], STDIN_FILENO);