From 9c96c22eba475b677837552a382945d1624f631f Mon Sep 17 00:00:00 2001
From: deraadt
Date: Fri, 9 Oct 2015 17:09:06 +0000
Subject: [PATCH] With nfs spool (fork + seteuid/setuid balony) support gone, it becomes possible to pledge "stdio rpath wpath tty proc" Noone uses this code anymore. This is a demonstration...
---
 libexec/comsat/comsat.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index af26c73000c..d0836b7ef36 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: comsat.c,v 1.41 2015/10/09 17:07:21 deraadt Exp $ */
+/* $OpenBSD: comsat.c,v 1.42 2015/10/09 17:09:06 deraadt Exp $ */
 
 /*
 * Copyright (c) 1980, 1993
@@ -52,6 +52,7 @@
 #include
 #include
 #include
+#include
 
 int debug = 0;
 #define dsyslog if (debug) syslog
@@ -82,6 +83,9 @@ main(int argc, char *argv[])
 char msgbuf[100];
 sigset_t sigset;
 
+ if (pledge("stdio rpath wpath tty proc", NULL) == -1)
+ err(1, "pledge");
+
 /* verify proper invocation */
 fromlen = sizeof(from);
 if (getsockname(0, (struct sockaddr *)&from, &fromlen) == -1) {
-- 
2.20.1
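Review bot: In the last hunk a failed `pledge()` is reported with `err(1, "pledge")`, which writes to stderr, but the `getsockname(0, …)` invocation check directly below suggests the standard descriptors are a socket handed over by a super-server, so the message would probably never reach an administrator. The file already logs through syslog (see the `dsyslog` macro), so I would report the failure the same way: `syslog(LOG_ERR, "pledge: %m"); exit(1);`. The header added in the second hunk, presumably for `err()`, would then not be needed. A short comment above the call saying which operation requires each promise (`proc`, `wpath` and `tty` in particular) would help whoever narrows this set later, since it is fairly broad and the commit message calls it a demonstration. main() continues past the end of the hunk, so any later logging setup is not visible here and should be checked against this suggestion.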