From: Nick Owens <mischief@offblast.org>
Subject: do not let unprivileged users lock out syspatch
To: tech@openbsd.org
Date: Wed, 11 Feb 2026 02:38:06 -0800

currently unprivileged users can prevent syspatch from running with a
simple /bin/ksh /tmp/reorder_kernel where /tmp/reorder_kernel is
sleeping forever. a simple patch fixes this.

diff --git a/usr.sbin/syspatch/syspatch.sh b/usr.sbin/syspatch/syspatch.sh
index 5b8f0b8dc2e..0405d318d63 100644
--- a/usr.sbin/syspatch/syspatch.sh
+++ b/usr.sbin/syspatch/syspatch.sh
@@ -283,7 +283,7 @@ set -A _KERNV -- $(sysctl -n kern.version |
 
 [[ $@ == @(|-[[:alpha:]]) ]] || usage; [[ $@ == @(|-(c|R|r)) ]] &&
 	(($(id -u) != 0)) && err "need root privileges"
-[[ $@ == @(|-(R|r)) ]] && pgrep -qxf '/bin/ksh .*reorder_kernel' &&
+[[ $@ == @(|-(R|r)) ]] && pgrep -U 0 -qxf '/bin/ksh .*reorder_kernel' &&
 	err "cannot apply patches while reorder_kernel is running"
 
 _OSrev=${_KERNV[0]%.*}${_KERNV[0]#*.}
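
Review bot: the changed 'pgrep -U 0 -qxf' line carries no comment saying why the match is limited to uid 0, so a later cleanup could drop '-U 0' and bring back the lockout where any user's '/bin/ksh /tmp/reorder_kernel' blocks -R/-r. Suggest a one-line comment above the test stating that only a root-owned reorder_kernel should stop syspatch. Note that -U selects on the real user ID (-u would select on the effective one); real uid is the stricter choice here because an unprivileged user cannot start a process whose real uid is 0, and it would help to say so in the commit message.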