From 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65 Mon Sep 17 00:00:00 2001
From: "deraadt@openbsd.org" <deraadt@openbsd.org>
Date: Fri, 27 Nov 2015 00:49:31 +0000
Subject: [PATCH] upstream commit

pledge "stdio rpath wpath cpath fattr tty proc exec"
 except for the -p option (which sadly has insane semantics...) ok semarie
 dtucker

Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
---
 scp.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/scp.c b/scp.c
index 842dc66a9..0bdd7cb0b 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.183 2015/10/16 17:07:24 mmcc Exp $ */
+/* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -484,6 +484,16 @@ main(int argc, char **argv)
 	if (!isatty(STDOUT_FILENO))
 		showprogress = 0;
 
+	if (pflag) {
+		/* Cannot pledge: -p allows setuid/setgid files... */
+	} else {
+		if (pledge("stdio rpath wpath cpath fattr tty proc exec",
+		    NULL) == -1) {
+			perror("pledge");
+			exit(1);
+		}
+	}
+
 	remin = STDIN_FILENO;
 	remout = STDOUT_FILENO;