From fdcd7891d1da154565cf85f7e8c1e3ab7bd22c99 Mon Sep 17 00:00:00 2001
From: doug <doug@openbsd.org>
Date: Sun, 11 Oct 2015 19:00:40 +0000
Subject: [PATCH] Pledge that ncheck_ffs only uses "stdio" after opening the
 device.

ok deraadt@
---
 sbin/ncheck_ffs/ncheck_ffs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sbin/ncheck_ffs/ncheck_ffs.c b/sbin/ncheck_ffs/ncheck_ffs.c
index 46b7d2cd2d8..e299eb767da 100644
--- a/sbin/ncheck_ffs/ncheck_ffs.c
+++ b/sbin/ncheck_ffs/ncheck_ffs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ncheck_ffs.c,v 1.50 2015/02/07 02:09:13 deraadt Exp $	*/
+/*	$OpenBSD: ncheck_ffs.c,v 1.51 2015/10/11 19:00:40 doug Exp $	*/
 
 /*-
  * Copyright (c) 1995, 1996 SigmaSoft, Th. Lockert <tholo@sigmasoft.com>
@@ -590,6 +590,10 @@ gotdev:
 		err(1, "ioctl (DIOCGDINFO)");
 	if (ioctl(diskfd, DIOCGPDINFO, (char *)&lab) < 0)
 		err(1, "ioctl (DIOCGPDINFO)");
+
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+
 	sblock = (struct fs *)sblock_buf;
 	for (i = 0; sblock_try[i] != -1; i++) {
 		n = pread(diskfd, sblock, SBLOCKSIZE, (off_t)sblock_try[i]);
-- 
2.20.1