$OpenBSD: patch-bin_dig_dig_c,v 1.11 2019/08/22 16:16:46 sthen Exp $

Index: bin/dig/dig.c
--- bin/dig/dig.c.orig
+++ bin/dig/dig.c
@@ -2251,6 +2251,11 @@ void dig_setup(int argc, char **argv)
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
 
+	if (pledge("stdio rpath inet unix dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	debug("dig_setup()");
 
 	/* setup dighost callbacks */
@@ -2278,6 +2283,13 @@ void dig_query_setup(bool is_batchfile, bool config_on
 	debug("dig_query_setup");
 
 	parse_args(is_batchfile, config_only, argc, argv);
+
+	/* inet for network connections, dns for resolv.conf, rpath for charset conversion */
+	if (pledge("stdio rpath inet dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	if (keyfile[0] != 0)
 		setup_file_key();
 	else if (keysecret[0] != 0)
