From 7f6a1cf52a44ba956024cb3ca180d33aefc65987 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Sat, 17 Oct 2015 23:12:46 +0000
Subject: [PATCH] Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" permission. For now, we'll tighten it down further later.
---
 sys/kern/kern_pledge.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 203f901fee1..c4f47f88fb9 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.46 2015/10/17 23:04:06 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.47 2015/10/17 23:12:46 deraadt Exp $ */
 
 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -1094,12 +1094,11 @@ pledge_ioctl_check(struct proc *p, long com, void *v)
 break;
 return (0);
 #endif /* NPTY > 0 */
-#if notyet
 case TIOCSTI: /* ksh? csh? */
- if (fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
+ if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0 &&
+ fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
 return (0);
 break;
-#endif
 case TIOCSCTTY: /* tmux etc */
 if ((p->p_p->ps_pledge & PLEDGE_ID) == 0 &&
 fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
-- 
2.20.1
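Review bot: The new TIOCSTI guard tests `(p->p_p->ps_pledge & PLEDGE_PROC) == 0`, so it takes the `return (0)` path (apparently the allow path) when "proc" has not been pledged and drops to `break` when it has, which is the opposite of the commit message's "also require the proc permission". As written, a process holding only "tty" keeps the ability to push characters into the terminal input queue, while one that additionally pledged "proc" is refused; the intended line looks like `if ((p->p_p->ps_pledge & PLEDGE_PROC) != 0 &&`. The TIOCSCTTY context lines just below use the same `== 0` shape with PLEDGE_ID and may deserve the same check. pledge_ioctl_check starts and ends outside the hunk, so how `fp` and `vp` are obtained and what the code after `break` returns cannot be confirmed from here.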