Index | Thread | Search

From:
Alexander Bluhm <bluhm@openbsd.org>
Subject:
Re: fix calendar -a
To:
tech <tech@openbsd.org>
Date:
Mon, 16 Mar 2026 17:05:17 +0100

Download raw body.

Thread 
On Mon, Mar 16, 2026 at 03:17:30PM +0000, Stuart Henderson wrote:
> ok?
> 
> ? ktrace.out
> Index: calendar.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/calendar/calendar.c,v
> diff -u -p -r1.39 calendar.c
> --- calendar.c	18 Feb 2026 21:40:55 -0000	1.39
> +++ calendar.c	16 Mar 2026 15:17:08 -0000
> @@ -128,6 +128,8 @@ main(int argc, char *argv[])
>  	if (doall) {
>  		if (unveil("/tmp", "rwc") == -1)
>  			err(1, "unveil /tmp");
> +		if (unveil("/dev/null", "rw") == -1)
> +			err(1, "unveil /dev/null");
>  		if (unveil("/", "r") == -1)
>  			err(1, "unveil /");
>  		if (pledge("stdio rpath wpath cpath fattr getpw id proc exec",
> 
> 

I got a mail from James J. Lippard that more unveil is needed for
callendar -a.  I did not look into it yet.  Anyone using calendar
-a who can confirm that this is also necessary?

bluhm

@@ -130,6 +130,10 @@
                        err(1, "unveil /tmp");
                if (unveil("/", "r") == -1)
                        err(1, "unveil /");
+               if (unveil(_PATH_SENDMAIL, "rx") == -1)
+                       err(1, "unveil sendmail");
+               if (unveil(_PATH_CPP, "rx") == -1)
+                       err(1, "unveil sendmail");
                if (pledge("stdio rpath wpath cpath fattr getpw id proc exec",
                    NULL) == -1)
                        err(1, "pledge");