From e75afad489fc129ba1ace5131f56eb57e6cc0452 Mon Sep 17 00:00:00 2001
From: dgl <dgl@openbsd.org>
Date: Fri, 27 Mar 2026 05:15:25 +0000
Subject: [PATCH] stat() and access() become "rpath", this is safe because
 pledge_namei no longer has a special case for these two system calls. With
 this change pledge "stdio" no longer lets user code reach namei().

ok deraadt
---
 sys/kern/kern_pledge.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index eb0155c894e..21861720b8b 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.355 2026/03/26 05:21:06 dgl Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.356 2026/03/27 05:15:25 dgl Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -243,8 +243,8 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {
 	 */
 	[SYS_open] = PLEDGE_RPATH | PLEDGE_WPATH,
 	[SYS___pledge_open] = PLEDGE_STDIO,
-	[SYS_stat] = PLEDGE_STDIO,
-	[SYS_access] = PLEDGE_STDIO,
+	[SYS_stat] = PLEDGE_RPATH,
+	[SYS_access] = PLEDGE_RPATH,
 	[SYS_readlink] = PLEDGE_RPATH,
 	[SYS___realpath] = PLEDGE_RPATH,