From c9ec0abe94e8a66cea008ed1a5f4d5b477e78bcf Mon Sep 17 00:00:00 2001
From: bluhm
Date: Fri, 16 Oct 2015 16:10:10 +0000
Subject: [PATCH] Pledge the syslogd privsep process with "stdio rpath wpath cpath inet dns getpw sendfd proc exec". OK deraadt@
---
 usr.sbin/syslogd/privsep.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c
index 94f6b2ad4f1..4487650e88d 100644
--- a/usr.sbin/syslogd/privsep.c
+++ b/usr.sbin/syslogd/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.56 2015/10/15 20:26:47 bluhm Exp $ */
+/* $OpenBSD: privsep.c,v 1.57 2015/10/16 16:10:10 bluhm Exp $ */
 
 /*
 * Copyright (c) 2003 Anil Madhavapeddy
@@ -144,6 +144,10 @@ priv_init(char *conf, int numeric, int lockfd, int nullfd, char *argv[])
 return 0;
 }
 
+ if (pledge("stdio rpath wpath cpath inet dns getpw sendfd proc exec",
+ NULL) == -1)
+ err(1, "pledge priv");
+
 if (!Debug) {
 close(lockfd);
 dup2(nullfd, STDIN_FILENO);
-- 
2.20.1
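Review bot: The added `pledge()` call in priv_init grants ten promises with no comment saying which privileged request needs each one, so a later reader cannot tell which are safe to drop when the request set shrinks. I would put a comment above the call, for example `/* privileged parent: log/config opens (rpath wpath cpath), resolver (inet dns), fd passing to the child (sendfd), helper and restart execution (proc exec) */`; that mapping is my reading of the promise names and should be confirmed against the request handlers, which are outside this hunk. Because `exec` is in the set, the restriction presumably ends at the exec boundary, so any program this process executes needs its own pledge to stay confined. priv_init begins and ends outside the hunk, so I cannot see whether anything between the fork and this call already depends on a capability that is not listed.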