pledge("stdio") the RSA-privsep process

diff --git a/usr.sbin/smtpd/ca.c b/usr.sbin/smtpd/ca.c
index ccfae18..0332fc2 100644 (file)
--- a/usr.sbin/smtpd/ca.c
+++ b/usr.sbin/smtpd/ca.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ca.c,v 1.14 2015/01/20 17:37:54 deraadt Exp $ */
+/*     $OpenBSD: ca.c,v 1.15 2015/10/13 08:07:35 gilles Exp $  */
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -137,6 +137,9 @@ ca(void)
        /* Ignore them until we get our config */
        mproc_disable(p_pony);
 
+       if (pledge("stdio", NULL) == -1)
+               err(1, "pledge");
+
        if (event_dispatch() < 0)
                fatal("event_dispatch");
        ca_shutdown();