This is my pledge(1). There are many like it, but this one is mine.
When directory pledges land, this should also get support for them.
Usage example:
pledge stdio echo hello world
More complicated, with enough pledges to run awk:
pledge "stdio rpath wpath cpath proc exec prot_exec" \
awk 'BEGIN {print "hi"}'
============
diff --git usr.bin/Makefile usr.bin/Makefile
index f428c790fe7..d4c506bc918 100644
--- usr.bin/Makefile
+++ usr.bin/Makefile
@@ -18,7 +18,7 @@ SUBDIR= apply arch at aucat audioctl awk banner \
midiplay mixerctl mkdep mklocale mktemp nc netstat \
newsyslog \
nfsstat nice nm nl nohup openssl pagesize passwd paste patch pctr \
- pkg-config pkill \
+ pkg-config pkill pledge \
pr printenv printf quota radioctl rcs rdist rdistd \
readlink renice rev rpcgen rpcinfo rs rup rusers rwall \
sdiff script sed sendbug shar showmount signify skey \
diff --git usr.bin/pledge/Makefile usr.bin/pledge/Makefile
new file mode 100644
index 00000000000..cdcccf1af61
--- /dev/null
+++ usr.bin/pledge/Makefile
@@ -0,0 +1,6 @@
+# $OpenBSD$
+
+PROG= pledge
+CFLAGS+= -Wall -Werror
+
+.include <bsd.prog.mk>
diff --git usr.bin/pledge/pledge.1 usr.bin/pledge/pledge.1
new file mode 100644
index 00000000000..e049277fdff
--- /dev/null
+++ usr.bin/pledge/pledge.1
@@ -0,0 +1,44 @@
+.\" $OpenBSD$
+.\"
+.\"Copyright (c) 2017 Ori Bernstein <o...@eigenstate.org>
+.\"
+.\"Permission to use, copy, modify, and distribute this software for any
+.\"purpose with or without fee is hereby granted, provided that the above
+.\"copyright notice and this permission notice appear in all copies.
+.\"
+.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: September 4 2017 $
+.Dt PLEDGE 1
+.Os
+.Sh NAME
+.Nm pledge
+.Nd execute commands under a pledge promise
+.Sh SYNOPSIS
+.Nm pledge
+.Ar promise
+.Ar command...
+.Sh DESCRIPTION
+The
+.Nm pledge
+utility executes the given command with the provided pledge
+restrictions. The first argument specifies the
+.Ar promise
+that the
+.Ar command
+will be run under.
+.Sh HISTORY
+The
+.Nm
+command first appeared in
+.Ox 6.2 .
+.Sh BUGS
+This program does not support directory pledges.
+.Sh AUTHORS
+.An Ori Bernstein Aq Mt o...@eigenstate.org
+
diff --git usr.bin/pledge/pledge.c usr.bin/pledge/pledge.c
new file mode 100644
index 00000000000..0431df7c7de
--- /dev/null
+++ usr.bin/pledge/pledge.c
@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <unistd.h>
+#include <err.h>
+
+int
+main(int argc, char **argv)
+{
+ if (argc < 2)
+ errx(1, "%s pledge cmd...\n", argv[0]);
+ if (pledge("stdio exec", argv[1]) == -1)
+ err(1, "pledge");
+ if (execvp(argv[2], &argv[2]) == -1)
+ err(1, "exec");
+ return 0;
+}
