From: deraadt <deraadt@openbsd.org>
Date: Thu, 15 Oct 2015 23:06:46 +0000 (+0000)
Subject: After spawning, the parent can pledge "stdio rpath wpath cpath"
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=10d2511b80a677ea96eaa937b0e2e2a15578ef9d;p=openbsd

After spawning, the parent can pledge "stdio rpath wpath cpath"
from rob pierce
---

diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c
index a4eca11a1ba..07eb5c3d340 100644
--- a/usr.bin/sdiff/sdiff.c
+++ b/usr.bin/sdiff/sdiff.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sdiff.c,v 1.33 2015/10/10 19:03:08 deraadt Exp $ */
+/*	$OpenBSD: sdiff.c,v 1.34 2015/10/15 23:06:46 deraadt Exp $ */
 
 /*
  * Written by Raymond Lai <ray@cyth.net>.
@@ -314,6 +314,9 @@ main(int argc, char **argv)
 		err(2, "could not fork");
 	}
 
+	if (pledge("stdio rpath wpath cpath", NULL) == -1)
+		err(1, "pledge");
+
 	/* parent */
 	/* We don't write to the pipe. */
 	close(fd[1]);