More restrictive pledge(s) can be done if tmpdir is equal or subordinate to _PATH_TMP by using the "tmppath" request instead of the "wpath cpath" duo.
For now just do the obvious repledge after the fork/execvp and drop proc and exec. Rob Index: sdiff.c =================================================================== RCS file: /cvs/src/usr.bin/sdiff/sdiff.c,v retrieving revision 1.33 diff -u -p -r1.33 sdiff.c --- sdiff.c 10 Oct 2015 19:03:08 -0000 1.33 +++ sdiff.c 13 Oct 2015 21:16:47 -0000 @@ -314,6 +314,9 @@ main(int argc, char **argv) err(2, "could not fork"); } + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); + /* parent */ /* We don't write to the pipe. */ close(fd[1]);
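Review bot: the added `err(1, "pledge")` exits with status 1, while the `err(2, "could not fork")` immediately above it uses 2. In the diff family of tools, status 1 conventionally means "differences found" and 2 means trouble, so a pledge failure here would be indistinguishable from a normal "files differ" result for scripts that check the exit code; `err(2, "pledge")` would match the surrounding error path. It would also help to put a one-line comment above the call noting that "wpath cpath" is kept because of tmpdir and could be narrowed to "tmppath" when tmpdir is equal or subordinate to _PATH_TMP, so the reasoning in the message sits next to the promise string.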