Download raw body.
fix calendar -a
On 2026/03/16 10:45, Theo de Raadt wrote:
> I doubt you need "rx".
>
> Does "x" not work?
it does, but / is already unveiled 'r' so using just 'x' for those
doesn't seem any better?
> > On Mon, Mar 16, 2026 at 03:17:30PM +0000, Stuart Henderson wrote:
> > > ok?
> > >
> > > ? ktrace.out
> > > Index: calendar.c
> > > ===================================================================
> > > RCS file: /cvs/src/usr.bin/calendar/calendar.c,v
> > > diff -u -p -r1.39 calendar.c
> > > --- calendar.c 18 Feb 2026 21:40:55 -0000 1.39
> > > +++ calendar.c 16 Mar 2026 15:17:08 -0000
> > > @@ -128,6 +128,8 @@ main(int argc, char *argv[])
> > > if (doall) {
> > > if (unveil("/tmp", "rwc") == -1)
> > > err(1, "unveil /tmp");
> > > + if (unveil("/dev/null", "rw") == -1)
> > > + err(1, "unveil /dev/null");
> > > if (unveil("/", "r") == -1)
> > > err(1, "unveil /");
> > > if (pledge("stdio rpath wpath cpath fattr getpw id proc exec",
> > >
> > >
> >
> > I got a mail from James J. Lippard that more unveil is needed for
> > callendar -a. I did not look into it yet. Anyone using calendar
> > -a who can confirm that this is also necessary?
> >
> > bluhm
> >
> > @@ -130,6 +130,10 @@
> > err(1, "unveil /tmp");
> > if (unveil("/", "r") == -1)
> > err(1, "unveil /");
> > + if (unveil(_PATH_SENDMAIL, "rx") == -1)
> > + err(1, "unveil sendmail");
> > + if (unveil(_PATH_CPP, "rx") == -1)
> > + err(1, "unveil sendmail");
> > if (pledge("stdio rpath wpath cpath fattr getpw id proc exec",
> > NULL) == -1)
> > err(1, "pledge");
> >
>
fix calendar -a