tedu's -delete diff reminded me of a patch I've had in one of my trees
for quite a while: find(1) was tamed a few days before execve(2) was
added to kern_tame.c and I think it was simply forgotten that everything
was already prepared for this.  Now it's slightly more complicated than
before because of the -delete option.

Index: find.c
===================================================================
RCS file: /cvs/src/usr.bin/find/find.c,v
retrieving revision 1.21
diff -u -p -r1.21 find.c
--- find.c      3 Jan 2017 21:31:16 -0000       1.21
+++ find.c      3 Jan 2017 21:44:50 -0000
@@ -162,6 +162,15 @@ find_execute(PLAN *plan,   /* search plan 
                        if (pledge("stdio rpath getpw", NULL) == -1)
                                err(1, "pledge");
                }
+       } else {
+               if (isdelete) {
+                       if (pledge("stdio rpath cpath getpw proc exec", NULL)
+                           == -1)
+                               err(1, "pledge");
+               } else {
+                       if (pledge("stdio rpath getpw proc exec", NULL) == -1)
+                               err(1, "pledge");
+               }
        }
 
        rval = 0;
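Review bot: in the new else branch the two pledge() calls differ only by "cpath", and with the call visible in the branch above that makes several near-identical promise strings to keep in sync. Consider building the promise string once (the base "stdio rpath getpw", plus "cpath" when isdelete is set, plus "proc exec" in this branch) and calling pledge() in a single place. A short comment on the else stating which condition requires "proc exec" would also help, since the controlling if is outside the hunk and these are the widest promises granted here.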
