===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/which/which.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- src/usr.bin/which/which.c	2015/01/16 06:40:14	1.20
+++ src/usr.bin/which/which.c	2015/10/10 19:02:19	1.21
@@ -1,4 +1,4 @@
-/*	$OpenBSD: which.c,v 1.20 2015/01/16 06:40:14 deraadt Exp $	*/
+/*	$OpenBSD: which.c,v 1.21 2015/10/10 19:02:19 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -83,6 +83,9 @@
 		err(1, "Can't set gid to %u", getegid());
 	if (setuid(geteuid()))
 		err(1, "Can't set uid to %u", geteuid());
+
+	if (pledge("stdio rpath", NULL) == -1)
+		err(1, "pledge");
 
 	for (n = 0; n < argc; n++)
 		if (findprog(argv[n], path, progmode, allmatches) == 0)