From 91ea8c266378b6493a35fbfc030e5c494b7aefaf Mon Sep 17 00:00:00 2001
From: gilles <gilles@openbsd.org>
Date: Tue, 13 Oct 2015 08:07:35 +0000
Subject: [PATCH] pledge("stdio") the RSA-privsep process

---
 usr.sbin/smtpd/ca.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/smtpd/ca.c b/usr.sbin/smtpd/ca.c
index ccfae188398..0332fc2e2ac 100644
--- a/usr.sbin/smtpd/ca.c
+++ b/usr.sbin/smtpd/ca.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ca.c,v 1.14 2015/01/20 17:37:54 deraadt Exp $	*/
+/*	$OpenBSD: ca.c,v 1.15 2015/10/13 08:07:35 gilles Exp $	*/
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -137,6 +137,9 @@ ca(void)
 	/* Ignore them until we get our config */
 	mproc_disable(p_pony);
 
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+
 	if (event_dispatch() < 0)
 		fatal("event_dispatch");
 	ca_shutdown();
-- 
2.20.1