tame "stdio rpath wpath cpath proc exec". make is a shell, and appears

to only need these operations.  Take note that "exec" is a 2-day old
tame request, so do get a new kernel before you update or risk getting
trapped.

diff --git a/usr.bin/make/main.c b/usr.bin/make/main.c
index faba869..891d860 100644 (file)
--- a/usr.bin/make/main.c
+++ b/usr.bin/make/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.112 2015/10/07 14:16:09 deraadt Exp $ */
+/*     $OpenBSD: main.c,v 1.113 2015/10/08 14:49:27 deraadt Exp $ */
 /*     $NetBSD: main.c,v 1.34 1997/03/24 20:56:36 gwr Exp $    */
 
 /*
@@ -192,6 +192,9 @@ MainParseArgs(int argc, char **argv)
 #define OPTFLAGS "BC:D:I:SV:d:ef:ij:km:npqrst"
 #define OPTLETTERS "BSiknpqrst"
 
+       if (tame("stdio rpath wpath cpath proc exec", NULL) == -1)
+               err(1, "tame");
+
        optind = 1;     /* since we're called more than once */
        optreset = 1;
        optend = 0;