From af212fce6a22a6928d5329caf96d2e564210cea1 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sat, 3 Oct 2015 02:47:15 +0000
Subject: [PATCH] In the ntpctl(1) case, after it has connect()'d to ntpd we
 can tame "stdio" since that is all it will do till termination.

---
 src/usr.sbin/ntpd/ntpd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index 0b591e85..b5fe4e02 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntpd.c,v 1.94 2015/07/18 00:53:44 bcook Exp $ */
+/*	$OpenBSD: ntpd.c,v 1.95 2015/10/03 02:47:15 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -565,6 +565,9 @@ ctl_main(int argc, char *argv[])
 	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1)
 		err(1, "connect: %s", sockname);
 
+	if (tame("stdio", NULL) == -1)
+		err(1, "tame");
+
 	if ((ibuf_ctl = malloc(sizeof(struct imsgbuf))) == NULL)
 		err(1, NULL);
 	imsg_init(ibuf_ctl, fd);