Is it safer to drop the recently added proc and exec pledges if the arguments are not chosen which need them?
Index: lock.c =================================================================== RCS file: /cvs/src/usr.bin/lock/lock.c,v retrieving revision 1.32 diff -u -p -r1.32 lock.c --- lock.c 15 Oct 2015 02:35:04 -0000 1.32 +++ lock.c 16 Oct 2015 01:22:46 -0000 @@ -148,6 +148,8 @@ main(int argc, char *argv[]) strftime(date, sizeof(date), "%c", timp); if (!usemine) { + if (pledge("stdio rpath wpath getpw tty", NULL) == -1) + err(1, "pledge"); /* get key and check again */ if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) || *s == '\0')