From a131c912b68d3bbb169054e3efb7a83e313dc0ce Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sat, 10 Oct 2015 20:10:14 +0000
Subject: [PATCH] pledge "dns rw" is not a reliable pattern.  This means
 malloc() and other types of functions (perhaps required by 'stdio' or
 'libevent' will not become available unless DNS suceeds.  Replace it with
 "stdio dns".

---
 src/usr.sbin/ntpd/ntp_dns.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/usr.sbin/ntpd/ntp_dns.c b/src/usr.sbin/ntpd/ntp_dns.c
index 6046ba7b..f00ef1d2 100644
--- a/src/usr.sbin/ntpd/ntp_dns.c
+++ b/src/usr.sbin/ntpd/ntp_dns.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntp_dns.c,v 1.12 2015/10/09 01:37:09 deraadt Exp $ */
+/*	$OpenBSD: ntp_dns.c,v 1.13 2015/10/10 20:10:14 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003-2008 Henning Brauer <henning@openbsd.org>
@@ -90,7 +90,7 @@ ntp_dns(int pipe_ntp[2], struct ntpd_conf *nconf, struct passwd *pw)
 		fatal(NULL);
 	imsg_init(ibuf_dns, pipe_ntp[1]);
 
-	if (pledge("dns rw", NULL) == -1)
+	if (pledge("stdio dns", NULL) == -1)
 		err(1, "pledge");
 
 	while (quit_dns == 0) {