===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/file/file.c,v
retrieving revision 1.51
retrieving revision 1.52
diff -c -r1.51 -r1.52
*** src/usr.bin/file/file.c	2015/10/06 15:39:44	1.51
--- src/usr.bin/file/file.c	2015/10/09 01:37:07	1.52
***************
*** 1,4 ****
! /* $OpenBSD: file.c,v 1.51 2015/10/06 15:39:44 deraadt Exp $ */
  
  /*
   * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
--- 1,4 ----
! /* $OpenBSD: file.c,v 1.52 2015/10/09 01:37:07 deraadt Exp $ */
  
  /*
   * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
***************
*** 223,229 ****
  			msg.error = errno;
  		} else {
  			/*
! 			 * tame(2) doesn't let us pass directory file
  			 * descriptors around - but in fact we don't need them,
  			 * so just don't open directories or symlinks (which
  			 * could be to directories).
--- 223,229 ----
  			msg.error = errno;
  		} else {
  			/*
! 			 * pledge(2) doesn't let us pass directory file
  			 * descriptors around - but in fact we don't need them,
  			 * so just don't open directories or symlinks (which
  			 * could be to directories).
***************
*** 351,358 ****
  	int			 i, idx;
  	size_t			 len, width = 0;
  
! 	if (tame("stdio getpw proc recvfd", NULL) == -1)
! 		err(1, "tame");
  
  	if (geteuid() == 0) {
  		pw = getpwnam(FILE_USER);
--- 351,358 ----
  	int			 i, idx;
  	size_t			 len, width = 0;
  
! 	if (pledge("stdio getpw proc recvfd", NULL) == -1)
! 		err(1, "pledge");
  
  	if (geteuid() == 0) {
  		pw = getpwnam(FILE_USER);
***************
*** 366,373 ****
  			err(1, "setresuid");
  	}
  
! 	if (tame("stdio recvfd", NULL) == -1)
! 		err(1, "tame");
  
  	m = magic_load(magicfp, magicpath, cflag || Wflag);
  	if (cflag) {
--- 366,373 ----
  			err(1, "setresuid");
  	}
  
! 	if (pledge("stdio recvfd", NULL) == -1)
! 		err(1, "pledge");
  
  	m = magic_load(magicfp, magicpath, cflag || Wflag);
  	if (cflag) {