===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.101
retrieving revision 1.102
diff -c -r1.101 -r1.102
*** src/usr.bin/signify/signify.c	2015/10/08 16:45:50	1.101
--- src/usr.bin/signify/signify.c	2015/10/09 01:37:08	1.102
***************
*** 1,4 ****
! /* $OpenBSD: signify.c,v 1.101 2015/10/08 16:45:50 tedu Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
--- 1,4 ----
! /* $OpenBSD: signify.c,v 1.102 2015/10/09 01:37:08 deraadt Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
***************
*** 663,670 ****
  		VERIFY
  	} verb = NONE;
  
! 	if (tame("stdio rpath wpath cpath tty", NULL) == -1)
! 		err(1, "tame");
  
  	rounds = 42;
  
--- 663,670 ----
  		VERIFY
  	} verb = NONE;
  
! 	if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
! 		err(1, "pledge");
  
  	rounds = 42;
  
***************
*** 730,750 ****
  		/* keep it all */
  		break;
  	case CHECK:
! 		if (tame("stdio rpath", NULL) == -1)
! 			err(1, "tame");
  		break;
  	case VERIFY:
  		if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) {
! 			if (tame("stdio rpath wpath cpath", NULL) == -1)
! 				err(1, "tame");
  		} else {
! 			if (tame("stdio rpath", NULL) == -1)
! 				err(1, "tame");
  		}
  		break;
  	default:
! 		if (tame("stdio", NULL) == -1)
! 			err(1, "tame");
  		break;
  	}
  
--- 730,750 ----
  		/* keep it all */
  		break;
  	case CHECK:
! 		if (pledge("stdio rpath", NULL) == -1)
! 			err(1, "pledge");
  		break;
  	case VERIFY:
  		if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) {
! 			if (pledge("stdio rpath wpath cpath", NULL) == -1)
! 				err(1, "pledge");
  		} else {
! 			if (pledge("stdio rpath", NULL) == -1)
! 				err(1, "pledge");
  		}
  		break;
  	default:
! 		if (pledge("stdio", NULL) == -1)
! 			err(1, "pledge");
  		break;
  	}