The pledge can probably be improved a bit, but I'm not going to do this
in this disabled code.  However, cvs is calling getpwuid() all over the
place, so the getpw promise should probably be added to this initial
annotation.

Index: cvs.c
===================================================================
RCS file: /var/cvs/src/usr.bin/cvs/cvs.c,v
retrieving revision 1.157
diff -u -p -r1.157 cvs.c
--- cvs.c       19 Nov 2015 17:44:01 -0000      1.157
+++ cvs.c       3 Jan 2016 18:00:45 -0000
@@ -187,7 +187,7 @@ main(int argc, char **argv)
        struct stat st;
        char fpath[PATH_MAX];
 
-       if (pledge("stdio rpath wpath cpath fattr proc exec", NULL) == -1)
+       if (pledge("stdio rpath wpath cpath fattr getpw proc exec", NULL) == -1)
                err(1, "pledge");
 
        tzset();
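
Review bot: the widened promise string on the pledge() line has no comment recording why getpw is needed. The message gives the reason (getpwuid() is called throughout cvs), so a one-line comment above the call naming getpwuid() would keep the promise from being dropped by mistake when the list is tightened later. The set also stays broad after this change, since wpath, cpath, fattr, proc and exec are all kept. Because the message already says the pledge can be improved, it would help to note which of these promises are candidates for removal before the disabled code is turned on.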
