pledge "stdio rpath wpath cpath proc exec". there is some potential

for dropping some path attributes in between, but i will let someone
else do that.
ok doug

diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c
index 09870c6..a4eca11 100644 (file)
--- a/usr.bin/sdiff/sdiff.c
+++ b/usr.bin/sdiff/sdiff.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sdiff.c,v 1.32 2015/02/05 12:59:58 millert Exp $ */
+/*     $OpenBSD: sdiff.c,v 1.33 2015/10/10 19:03:08 deraadt Exp $ */
 
 /*
  * Written by Raymond Lai <ray@cyth.net>.
@@ -164,6 +164,9 @@ main(int argc, char **argv)
        char **diffargv, *diffprog = "diff", *filename1, *filename2,
            *tmp1, *tmp2, *s1, *s2;
 
+       if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
+               err(1, "pledge");
+
        /*
         * Process diff flags.
         */