===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/htpasswd/htpasswd.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -c -r1.16 -r1.17
*** src/usr.bin/htpasswd/htpasswd.c	2017/06/07 09:11:52	1.16
--- src/usr.bin/htpasswd/htpasswd.c	2018/10/31 07:39:10	1.17
***************
*** 1,4 ****
! /*	$OpenBSD: htpasswd.c,v 1.16 2017/06/07 09:11:52 awolk Exp $ */
  /*
   * Copyright (c) 2014 Florian Obser <florian@openbsd.org>
   *
--- 1,4 ----
! /*	$OpenBSD: htpasswd.c,v 1.17 2018/10/31 07:39:10 mestre Exp $ */
  /*
   * Copyright (c) 2014 Florian Obser <florian@openbsd.org>
   *
***************
*** 57,65 ****
  	ssize_t linelen;
  	mode_t old_umask;
  
- 	if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
- 		err(1, "pledge");
- 
  	while ((c = getopt(argc, argv, "I")) != -1) {
  		switch (c) {
  		case 'I':
--- 57,62 ----
***************
*** 74,79 ****
--- 71,85 ----
  
  	argc -= optind;
  	argv += optind;
+ 
+ 	if ((batch && argc == 1) || (!batch && argc == 2)) {
+ 		if (unveil(argv[0], "rwc") == -1)
+ 			err(1, "unveil");
+ 		if (unveil("/tmp", "rwc") == -1)
+ 			err(1, "unveil");
+ 	}
+ 	if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
+ 		err(1, "pledge");
  
  	if (batch) {
  		if (argc == 1)