From 6a1f973fda1ae0e7b150ef1e597e408743a4f298 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Mon, 12 Oct 2015 14:09:32 +0000
Subject: [PATCH] in fuser mode with -k or -s mode, kill(2) might be called and
 route lookups won't be needed; so expand the pledge setup to handle 3
 codepaths. from theo buehler

---
 usr.bin/fstat/fstat.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/usr.bin/fstat/fstat.c b/usr.bin/fstat/fstat.c
index becb6f63f27..bfc4d0f8e54 100644
--- a/usr.bin/fstat/fstat.c
+++ b/usr.bin/fstat/fstat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fstat.c,v 1.81 2015/10/10 14:29:05 deraadt Exp $	*/
+/*	$OpenBSD: fstat.c,v 1.82 2015/10/12 14:09:32 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -275,8 +275,18 @@ main(int argc, char *argv[])
 	if ((kf = kvm_getfiles(kd, what, arg, sizeof(*kf), &cnt)) == NULL)
 		errx(1, "%s", kvm_geterr(kd));
 
-	if (pledge("stdio rpath route", NULL) == -1)
-		err(1, "pledge");
+	if (fuser) {
+		if (sflg) { /* fuser might call kill(2) */
+			if (pledge("stdio rpath proc", NULL) == -1)
+				err(1, "pledge");
+		} else {
+			if (pledge("stdio rpath", NULL) == -1)
+				err(1, "pledge");
+		}
+	} else {
+		if (pledge("stdio rpath route", NULL) == -1)
+			err(1, "pledge");
+	}
 
 	find_splices(kf, cnt);
 	if (!fuser)
-- 
2.20.1