===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/scp.c,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- src/usr.bin/ssh/scp.c	2015/10/16 17:07:24	1.183
+++ src/usr.bin/ssh/scp.c	2015/11/27 00:49:31	1.184
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.183 2015/10/16 17:07:24 mmcc Exp $ */
+/* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -462,6 +462,16 @@
 
 	if (!isatty(STDOUT_FILENO))
 		showprogress = 0;
+
+	if (pflag) {
+		/* Cannot pledge: -p allows setuid/setgid files... */
+	} else {
+		if (pledge("stdio rpath wpath cpath fattr tty proc exec",
+		    NULL) == -1) {
+			perror("pledge");
+			exit(1);
+		}
+	}
 
 	remin = STDIN_FILENO;
 	remout = STDOUT_FILENO;