It is possible to pledge() on startup, which seems like a good idea since
write is sgid tty.

Also, replace the obnoxious ctime code with hardcoded indices to a more
modern use of strftime.



Index: write.c
===================================================================
RCS file: /vide/cvs/src/usr.bin/write/write.c,v
diff -u -p -r1.36 write.c
--- write.c	24 Oct 2021 21:24:18 -0000	1.36
+++ write.c	9 Jun 2026 08:51:23 -0000
@@ -65,6 +65,8 @@ main(int argc, char *argv[])
 	time_t atime;
 	uid_t myuid;
 
+	if (pledge("stdio rpath wpath id", NULL) == -1)
+		err(1, "pledge");
 	/* check that sender has write enabled */
 	if (isatty(fileno(stdin)))
 		myttyfd = fileno(stdin);
@@ -225,9 +227,9 @@ void
 do_write(char *tty, char *mytty, uid_t myuid)
 {
 	const char *login;
-	char *nows;
-	time_t now;
 	char path[PATH_MAX], host[HOST_NAME_MAX+1], line[512];
+	time_t now;
+	char nows[12];
 	gid_t gid;
 	int fd;
 
@@ -263,11 +265,10 @@ do_write(char *tty, char *mytty, uid_t m
 	/* print greeting */
 	if (gethostname(host, sizeof(host)) == -1)
 		(void)strlcpy(host, "???", sizeof host);
-	now = time(NULL);
-	nows = ctime(&now);
-	nows[16] = '\0';
+	time(&now);
+	strftime(nows, sizeof nows, "%H:%M", localtime(&now));
 	(void)printf("\r\n\007\007\007Message from %s@%s on %s at %s ...\r\n",
-	    login, host, mytty, nows + 11);
+	    login, host, mytty, nows);
 
 	while (fgets(line, sizeof(line), stdin) != NULL)
 		wr_fputs(line);