From 943a6def6990bf50c7da9feebd20d6f756e81424 Mon Sep 17 00:00:00 2001
From: millert <millert@openbsd.org>
Date: Sun, 25 Oct 2015 01:57:09 +0000
Subject: [PATCH] For SYS_open let the /dev/null special case match if any
 TMN_RPATH, TMN_WPATH or both are set in p_pledgenote.  Matches the style used
 for /dev/tty special cases (among others).  From deraadt@

---
 sys/kern/kern_pledge.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index f5211a06ba6..1706f922fc5 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.69 2015/10/25 00:02:00 nicm Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.70 2015/10/25 01:57:09 millert Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -571,10 +571,9 @@ pledge_namei(struct proc *p, char *origpath)
 		break;
 	case SYS_open:
 		/* daemon(3) or other such functions */
-		if ((p->p_pledgenote == TMN_RPATH ||
-		    p->p_pledgenote == TMN_WPATH)) {
-			if (strcmp(path, "/dev/null") == 0)
-				return (0);
+		if ((p->p_pledgenote & ~(TMN_RPATH | TMN_WPATH)) == 0 &&
+		    strcmp(path, "/dev/null") == 0) {
+			return (0);
 		}
 
 		/* getpw* and friends need a few files */
-- 
2.20.1