From 10d2511b80a677ea96eaa937b0e2e2a15578ef9d Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Thu, 15 Oct 2015 23:06:46 +0000
Subject: [PATCH] After spawning, the parent can pledge "stdio rpath wpath
 cpath" from rob pierce

---
 usr.bin/sdiff/sdiff.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c
index a4eca11a1ba..07eb5c3d340 100644
--- a/usr.bin/sdiff/sdiff.c
+++ b/usr.bin/sdiff/sdiff.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sdiff.c,v 1.33 2015/10/10 19:03:08 deraadt Exp $ */
+/*	$OpenBSD: sdiff.c,v 1.34 2015/10/15 23:06:46 deraadt Exp $ */
 
 /*
  * Written by Raymond Lai <ray@cyth.net>.
@@ -314,6 +314,9 @@ main(int argc, char **argv)
 		err(2, "could not fork");
 	}
 
+	if (pledge("stdio rpath wpath cpath", NULL) == -1)
+		err(1, "pledge");
+
 	/* parent */
 	/* We don't write to the pipe. */
 	close(fd[1]);
-- 
2.20.1