All commands seem to work fine with pledge "stdio" after the connect(),

direct source and symbol table inspection suggests it is good.  The same
principle will likely apply to most of our network daemon *ctl programs,
since many are derived from ospfd.  Still, each needs testing.
discussion about network daemons and ctl's has been mostly with renato

diff --git a/usr.sbin/ripctl/ripctl.c b/usr.sbin/ripctl/ripctl.c
index 93ebbc3..24f5521 100644 (file)
--- a/usr.sbin/ripctl/ripctl.c
+++ b/usr.sbin/ripctl/ripctl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ripctl.c,v 1.14 2015/09/27 17:32:36 stsp Exp $
+/*     $OpenBSD: ripctl.c,v 1.15 2015/10/09 07:54:28 deraadt Exp $
  *
  * Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it>
  * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -88,6 +88,9 @@ main(int argc, char *argv[])
        if (connect(ctl_sock, (struct sockaddr *)&sun, sizeof(sun)) == -1)
                err(1, "connect: %s", RIPD_SOCKET);
 
+       if (pledge("stdio", NULL) == -1)
+               err(1, "pledge");
+
        if ((ibuf = malloc(sizeof(struct imsgbuf))) == NULL)
                err(1, NULL);
        imsg_init(ibuf, ctl_sock);