===================================================================
RCS file: /cvs/mandoc/cgi.c,v
retrieving revision 1.147
retrieving revision 1.148
diff -u -p -r1.147 -r1.148
--- mandoc/cgi.c	2017/02/08 13:34:27	1.147
+++ mandoc/cgi.c	2017/02/22 16:20:01	1.148
@@ -1,4 +1,4 @@
-/*	$Id: cgi.c,v 1.147 2017/02/08 13:34:27 schwarze Exp $ */
+/*	$Id: cgi.c,v 1.148 2017/02/22 16:20:01 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@usta.de>
@@ -977,6 +977,22 @@ main(void)
 	const char	*path;
 	const char	*querystring;
 	int		 i;
+
+#if HAVE_PLEDGE
+	/*
+	 * The "rpath" pledge could be revoked after mparse_readfd()
+	 * if the file desciptor to "/footer.html" would be opened
+	 * up front, but it's probably not worth the complication
+	 * of the code it would cause: it would require scattering
+	 * pledge() calls in multiple low-level resp_*() functions.
+	 */
+
+	if (pledge("stdio rpath", NULL) == -1) {
+		warn("pledge");
+		pg_error_internal();
+		return EXIT_FAILURE;
+	}
+#endif
 
 	/* Poor man's ReDoS mitigation. */