From 7ed008f9564d36435bd789cd2da574d6a032ea7a Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Fri, 13 Mar 2026 05:46:32 +0000
Subject: [PATCH] When pledged, if a process receives a bad descriptor the
 receiver should not be killed.  The EPERM approach used for other conditions
 is good enough. Report from Henry Ford this will be errata
 7.8/022_recvfd.patch and 7.7/028_recvfd.patch

---
 sys/kern/kern_pledge.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index d8406a4babb..55b91eb8244 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_pledge.c,v 1.346 2026/03/12 15:00:58 deraadt Exp $	*/
+/*	$OpenBSD: kern_pledge.c,v 1.347 2026/03/13 05:46:32 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -750,7 +750,7 @@ pledge_recvfd(struct proc *p, struct file *fp)
 		if (vp->v_type != VDIR)
 			return (0);
 	}
-	return pledge_fail(p, EINVAL, PLEDGE_RECVFD);
+	return (EPERM);
 }
 
 /*