From bf91cc2988ee0702ec6a4f6d52cbed5c763d4a1a Mon Sep 17 00:00:00 2001
From: dgl
Date: Thu, 26 Mar 2026 05:21:06 +0000
Subject: [PATCH] Drop PLEDGE_CPATH from SYS_open, the flags passed result in rpath or wpath pledge always being checked. cpath alone is not enough. ok deraadt
---
 sys/kern/kern_pledge.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 0caf80a2e90..eb0155c894e 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.354 2026/03/26 00:55:20 deraadt Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.355 2026/03/26 05:21:06 dgl Exp $ */

 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -241,7 +241,7 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {
 * Path access/creation calls encounter many extensive
 * checks done during pledge_namei()
 */
- [SYS_open] = PLEDGE_RPATH | PLEDGE_WPATH | PLEDGE_CPATH,
+ [SYS_open] = PLEDGE_RPATH | PLEDGE_WPATH,
 [SYS___pledge_open] = PLEDGE_STDIO,
 [SYS_stat] = PLEDGE_STDIO,
 [SYS_access] = PLEDGE_STDIO,
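Review bot: The new `[SYS_open]` entry in the second hunk carries no in-source record of why `PLEDGE_CPATH` is absent, so a later reader could take the omission for an oversight and re-add it. A one-line comment on the entry would prevent that, e.g. `/* no PLEDGE_CPATH: open flags always require rpath or wpath in pledge_namei() */`. The rationale currently lives only in the commit message, and the pledge_namei() logic it relies on is outside this hunk. If a `SYS_openat` entry elsewhere in the table (not visible here) still lists `PLEDGE_CPATH`, the same reasoning would presumably apply and the two entries should agree. A regression test that a process pledged with only "cpath" is refused at open(2) would pin the tightened entry check.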