From: Nick Owens
Subject: do not let unprivileged users lock out syspatch
To: tech@openbsd.org
Date: Wed, 11 Feb 2026 02:38:06 -0800

currently unprivileged users can prevent syspatch from running with a simple /bin/ksh /tmp/reorder_kernel where /tmp/reorder kernel is sleeping forever. a simple patch fixes this.

diff --git a/usr.sbin/syspatch/syspatch.sh b/usr.sbin/syspatch/syspatch.sh
index 5b8f0b8dc2e..0405d318d63 100644
--- a/usr.sbin/syspatch/syspatch.sh
+++ b/usr.sbin/syspatch/syspatch.sh
@@ -283,7 +283,7 @@ set -A _KERNV -- $(sysctl -n kern.version |
 [[ $@ == @(|-[[:alpha:]]) ]] || usage; [[ $@ == @(|-(c|R|r)) ]] && (($(id -u) != 0)) && err "need root privileges"
-[[ $@ == @(|-(R|r)) ]] && pgrep -qxf '/bin/ksh .*reorder_kernel' &&
+[[ $@ == @(|-(R|r)) ]] && pgrep -U 0 -qxf '/bin/ksh .*reorder_kernel' &&
 err "cannot apply patches while reorder_kernel is running"
 _OSrev=${_KERNV[0]%.*}${_KERNV[0]#*.}
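Review bot: The `-U 0` filter on the added `pgrep` line carries the whole fix but nothing in the code records why it is there, so a later cleanup could drop it or swap it for `-u` (effective UID) without noticing the regression. A process's argument list is chosen by whoever starts it, so the command-line match alone never proves the real reorder_kernel is running; a comment above the test such as `# -U 0: argv is user-controlled, only a root-owned match may block syspatch` would pin that down. The pattern `'/bin/ksh .*reorder_kernel'` is also still not anchored to the installed script's full path, so any root-run ksh script whose name ends in reorder_kernel keeps blocking `-r`/`-R`. That is presumably acceptable, but anchoring the pattern would make the check say what it means. The statement continues onto the `err` line, and the surrounding option checks start outside the hunk.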