From 222df3215a9d0f6e28a23d89297c1c85a15f188b Mon Sep 17 00:00:00 2001 From: deraadt Date: Tue, 6 Oct 2015 23:01:43 +0000 Subject: [PATCH] obvious tame "stdio". For those not keeping score, this is another program which has had string mismanagement bugs before, probably of the exploitable fashion.. if used in the wrong kind of script.. --- usr.bin/printf/printf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/usr.bin/printf/printf.c b/usr.bin/printf/printf.c index 289177c3bf8..f7883ea969d 100644 --- a/usr.bin/printf/printf.c +++ b/usr.bin/printf/printf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printf.c,v 1.22 2014/05/25 07:36:36 jmc Exp $ */ +/* $OpenBSD: printf.c,v 1.23 2015/10/06 23:01:43 deraadt Exp $ */ /* * Copyright (c) 1989 The Regents of the University of California. @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -81,6 +82,9 @@ main(int argc, char *argv[]) setlocale (LC_ALL, ""); + if (tame("stdio", NULL) == -1) + err(1, "tame"); + /* Need to accept/ignore "--" option. */ if (argc > 1 && strcmp(argv[1], "--") == 0) { argc--; -- 2.20.1
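Review bot: The new `tame("stdio", NULL)` call in main() has no comment explaining why it sits exactly here, after `setlocale (LC_ALL, "")` and before the `--` handling. The placement looks deliberate: locale setup may need to open files, which a "stdio"-only request would presumably not allow, while everything that interprets the caller-supplied format and arguments runs only once the restriction is in place. A short comment above the call, e.g. `/* locale is loaded; only stdio is needed from here on, so restrict before parsing argv */`, would stop a later edit from moving the call above setlocale or adding file access below it. main() continues outside the hunk, so whether any later code path needs more than "stdio" cannot be confirmed from the visible lines.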