let the enqueuer pledge() in both online and offline modes

ok deraadt@

2 files changed, 13 insertions, 3 deletions

diff --git a/usr.sbin/smtpd/enqueue.c b/usr.sbin/smtpd/enqueue.c
index 7d8c3fd5d0f..a6fbd9df7a8 100644
--- a/usr.sbin/smtpd/enqueue.c
+++ b/usr.sbin/smtpd/enqueue.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: enqueue.c,v 1.99 2015/10/12 21:32:27 millert Exp $	*/
+/*	$OpenBSD: enqueue.c,v 1.100 2015/10/13 08:06:22 gilles Exp $	*/
 
 /*
  * Copyright (c) 2005 Henning Brauer <henning@bulabula.org>
@@ -286,12 +286,18 @@ enqueue(int argc, char *argv[], FILE *ofp)
 	/* check if working in offline mode */
 	/* If the server is not running, enqueue the message offline */
 
-	if (!srv_connected())
+	if (!srv_connected()) {
+		if (pledge("stdio", NULL) == -1)
+			err(1, "pledge");
 		return (enqueue_offline(save_argc, save_argv, fp, ofp));
+	}
 
 	if ((msg.fd = open_connection()) == -1)
 		errx(EX_UNAVAILABLE, "server too busy");
 
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+	
 	fout = fdopen(msg.fd, "a+");
 	if (fout == NULL)
 		err(EX_UNAVAILABLE, "fdopen");
diff --git a/usr.sbin/smtpd/smtpctl.c b/usr.sbin/smtpd/smtpctl.c
index 27e454eca39..725c66c4efd 100644
--- a/usr.sbin/smtpd/smtpctl.c
+++ b/usr.sbin/smtpd/smtpctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpctl.c,v 1.129 2015/10/12 07:58:19 deraadt Exp $	*/
+/*	$OpenBSD: smtpctl.c,v 1.130 2015/10/13 08:06:22 gilles Exp $	*/
 
 /*
  * Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
@@ -931,6 +931,10 @@ main(int argc, char **argv)
 		if (setresgid(gid, gid, gid) == -1)
 			err(1, "setresgid");
 
+		/* we'll reduce further down the road */
+		if (pledge("stdio rpath tmppath getpw recvfd", NULL) == -1)
+			err(1, "pledge");
+		
 		sendmail = 1;
 		return (enqueue(argc, argv, offlinefp));
 	}