From 9d396bfedba43c4186d0765460ea2457711c3e6d Mon Sep 17 00:00:00 2001
From: benno <benno@openbsd.org>
Date: Sat, 10 Oct 2015 00:16:23 +0000
Subject: [PATCH] relayd's ca process pledges to only use stdio. ok deraadt@

---
 usr.sbin/relayd/ca.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c
index 81f9971771d..977151b0b6e 100644
--- a/usr.sbin/relayd/ca.c
+++ b/usr.sbin/relayd/ca.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ca.c,v 1.13 2015/05/02 13:15:24 claudio Exp $	*/
+/*	$OpenBSD: ca.c,v 1.14 2015/10/10 00:16:23 benno Exp $	*/
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -73,6 +73,9 @@ ca(struct privsep *ps, struct privsep_proc *p)
 void
 ca_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 {
+	if (pledge("stdio", NULL) == -1)
+		fatal("pledge");
+
 	if (config_init(ps->ps_env) == -1)
 		fatal("failed to initialize configuration");
 
-- 
2.20.1