From 758d4455ed859072fee0597078a69b96e7f922a5 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Fri, 16 Oct 2015 07:01:53 +0000
Subject: [PATCH] doug and I think the kernel has enough features to support
 pledge "stdio rpath wpath cpath getpw proc exec tty" now. It will be hard to
 drop many of those features unless cu becomes privsep for the "upload"
 commands.

---
 usr.bin/cu/cu.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr.bin/cu/cu.c b/usr.bin/cu/cu.c
index 8bb812a169a..efa2f4f05d7 100644
--- a/usr.bin/cu/cu.c
+++ b/usr.bin/cu/cu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cu.c,v 1.23 2015/10/05 23:15:31 nicm Exp $ */
+/* $OpenBSD: cu.c,v 1.24 2015/10/16 07:01:53 deraadt Exp $ */
 
 /*
  * Copyright (c) 2012 Nicholas Marriott <nicm@openbsd.org>
@@ -79,6 +79,10 @@ main(int argc, char **argv)
 	char		*tmp, *s, *host;
 	int		 opt, i, flags;
 
+	if (pledge("stdio rpath wpath cpath getpw proc exec tty",
+	    NULL) == -1)
+		err(1, "pledge");
+
 	if (isatty(STDIN_FILENO) && tcgetattr(STDIN_FILENO, &saved_tio) != 0)
 		err(1, "tcgetattr");
 
-- 
2.20.1