Theo Buehler wrote:
> tedu's -delete diff reminded me of a patch I've had in one of my trees
> for quite a while: find(1) was tamed a few days before execve(2) was
> added to kern_tame.c and I think it was simply forgotten that everything
> was already prepared for this. Now it's slightly more complicated than
> before because of the -delete option.
Yeah. I had to fiddle because I was adding something. I wasn't sure if it
would be better to add a switch? Pick a string and then call pledge(perms). We
don't typically do that, but is there a tipping point where the if/err dance
gets too repetitive?
>
> Index: find.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/find/find.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 find.c
> --- find.c 3 Jan 2017 21:31:16 -0000 1.21
> +++ find.c 3 Jan 2017 21:44:50 -0000
> @@ -162,6 +162,15 @@ find_execute(PLAN *plan, /* search plan
> if (pledge("stdio rpath getpw", NULL) == -1)
> err(1, "pledge");
> }
> + } else {
> + if (isdelete) {
> + if (pledge("stdio rpath cpath getpw proc exec", NULL)
> + == -1)
> + err(1, "pledge");
> + } else {
> + if (pledge("stdio rpath getpw proc exec", NULL) == -1)
> + err(1, "pledge");
> + }
> }
>
> rval = 0;
>
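Review bot: The added else branch repeats the same pledge()/err() pair twice, and the two promise strings differ only in "cpath" for the isdelete case. Choosing the string first and calling pledge once would drop the nested if/else and the awkward line break before "== -1", for example `pledge(isdelete ? "stdio rpath cpath getpw proc exec" : "stdio rpath getpw proc exec", NULL)` followed by a single `err(1, "pledge")`. The condition that leads into this else is outside the hunk, so a short comment stating why this path keeps "proc exec" while the branch above it pledges only "stdio rpath getpw" would make the intent checkable by the next reader.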