After spawning, the parent can pledge "stdio rpath wpath cpath"

from rob pierce

diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c
index a4eca11..07eb5c3 100644 (file)
--- a/usr.bin/sdiff/sdiff.c
+++ b/usr.bin/sdiff/sdiff.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sdiff.c,v 1.33 2015/10/10 19:03:08 deraadt Exp $ */
+/*     $OpenBSD: sdiff.c,v 1.34 2015/10/15 23:06:46 deraadt Exp $ */
 
 /*
  * Written by Raymond Lai <ray@cyth.net>.
@@ -314,6 +314,9 @@ main(int argc, char **argv)
                err(2, "could not fork");
        }
 
+       if (pledge("stdio rpath wpath cpath", NULL) == -1)
+               err(1, "pledge");
+
        /* parent */
        /* We don't write to the pipe. */
        close(fd[1]);