From d6d31112e2dd08a376340448a767b33b512acd92 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Mon, 19 Oct 2015 18:53:35 +0000
Subject: [PATCH] pledge "stdio exec proc" early on, setpriority, then pledge
 "stdio exec" from Theo Buehler

---
 usr.bin/nice/nice.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/usr.bin/nice/nice.c b/usr.bin/nice/nice.c
index e992069c745..d48e067e181 100644
--- a/usr.bin/nice/nice.c
+++ b/usr.bin/nice/nice.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: nice.c,v 1.14 2014/02/13 20:51:10 tedu Exp $	*/
+/*	$OpenBSD: nice.c,v 1.15 2015/10/19 18:53:35 deraadt Exp $	*/
 /*	$NetBSD: nice.c,v 1.9 1995/08/31 23:30:58 jtc Exp $	*/
 
 /*
@@ -53,6 +53,9 @@ main(int argc, char *argv[])
 
 	setlocale(LC_ALL, "");
 
+	if (pledge("stdio exec proc", NULL) == -1)
+		err(1, "pledge");
+
 	/* handle obsolete -number syntax */
 	if (argc > 1 && argv[1][0] == '-' &&
 	    isdigit((unsigned char)argv[1][1])) {
@@ -70,7 +73,6 @@ main(int argc, char *argv[])
 			if (errstr)
 				errx(1, "increment is %s", errstr);
 			break;
-		case '?':
 		default:
 			usage();
 			break;
@@ -84,16 +86,16 @@ main(int argc, char *argv[])
 
 	errno = 0;
 	prio += getpriority(PRIO_PROCESS, 0);
-	if (errno) {
+	if (errno)
 		err(1, "getpriority");
-		/* NOTREACHED */
-	}
 	if (setpriority(PRIO_PROCESS, 0, prio))
 		warn("setpriority");
 
+	if (pledge("stdio exec", NULL) == -1)
+		err(1, "pledge");
+
 	execvp(argv[0], &argv[0]);
 	err((errno == ENOENT) ? 127 : 126, "%s", argv[0]);
-	/* NOTREACHED */
 }
 
 static void
-- 
2.20.1