From f02859560d57420ebcd497a9d91c087bd0d4c971 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Sat, 10 Oct 2015 15:52:30 +0000
Subject: [PATCH] pledge "stdio rpath proc exec".  proc & exec because
 obviously it spawns subprocesses.  rpath is only needed for the -o (open
 /dev/tty) or no -o (open /dev/null) choice. ok beck

---
 usr.bin/xargs/xargs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr.bin/xargs/xargs.c b/usr.bin/xargs/xargs.c
index ed0ada5138a..89d6c0b759d 100644
--- a/usr.bin/xargs/xargs.c
+++ b/usr.bin/xargs/xargs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: xargs.c,v 1.29 2015/04/18 18:28:38 deraadt Exp $	*/
+/*	$OpenBSD: xargs.c,v 1.30 2015/10/10 15:52:30 deraadt Exp $	*/
 /*	$FreeBSD: xargs.c,v 1.51 2003/05/03 19:09:11 obrien Exp $	*/
 
 /*-
@@ -104,6 +104,10 @@ main(int argc, char *argv[])
 	nargs = 5000;
 	if ((arg_max = sysconf(_SC_ARG_MAX)) == -1)
 		errx(1, "sysconf(_SC_ARG_MAX) failed");
+
+	if (pledge("stdio rpath proc exec", NULL) == -1)
+		err(1, "pledge");
+
 	nline = arg_max - 4 * 1024;
 	while (*ep != NULL) {
 		/* 1 byte for each '\0' */
-- 
2.20.1