From 4ca91f0766fd995b2c87c8fedabbed8b259a5698 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Fri, 9 Oct 2015 07:54:28 +0000
Subject: [PATCH] All commands seem to work fine with pledge "stdio" after the
 connect(), direct source and symbol table inspection suggests it is good. 
 The same principle will likely apply to most of our network daemon *ctl
 programs, since many are derived from ospfd.  Still, each needs testing.
 discussion about network daemons and ctl's has been mostly with renato

---
 usr.sbin/ripctl/ripctl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/ripctl/ripctl.c b/usr.sbin/ripctl/ripctl.c
index 93ebbc3ac49..24f5521e8a5 100644
--- a/usr.sbin/ripctl/ripctl.c
+++ b/usr.sbin/ripctl/ripctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ripctl.c,v 1.14 2015/09/27 17:32:36 stsp Exp $
+/*	$OpenBSD: ripctl.c,v 1.15 2015/10/09 07:54:28 deraadt Exp $
  *
  * Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it>
  * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -88,6 +88,9 @@ main(int argc, char *argv[])
 	if (connect(ctl_sock, (struct sockaddr *)&sun, sizeof(sun)) == -1)
 		err(1, "connect: %s", RIPD_SOCKET);
 
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+
 	if ((ibuf = malloc(sizeof(struct imsgbuf))) == NULL)
 		err(1, NULL);
 	imsg_init(ibuf, ctl_sock);
-- 
2.20.1