From b1b6ff5b9262e72a66abb9a47d9f09ae903e0825 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Fri, 16 Oct 2015 22:54:35 +0000
Subject: [PATCH] pledge "stdio rpath wpath cpath getpw fattr flock"

---
 usr.sbin/pwd_mkdb/pwd_mkdb.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 1e8b3991c05..20d1733dfe6 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pwd_mkdb.c,v 1.50 2015/08/27 19:11:37 gsoares Exp $	*/
+/*	$OpenBSD: pwd_mkdb.c,v 1.51 2015/10/16 22:54:35 deraadt Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993, 1994
@@ -233,6 +233,9 @@ main(int argc, char **argv)
 		warn("%s: unable to make group readable", _PATH_SMP_DB);
 	clean |= FILE_SECURE;
 
+	if (pledge("stdio rpath wpath cpath getpw fattr flock", NULL) == -1)
+		err(1, "pledge");
+
 	/* Open the temporary insecure password database. */
 	if (!secureonly) {
 		(void)snprintf(buf, sizeof(buf), "%s.tmp",
-- 
2.20.1