From: "Theo de Raadt"
Subject: Re: fix calendar -a
To: Alexander Bluhm
Cc: tech
Date: Mon, 16 Mar 2026 10:45:32 -0600

I doubt you need "rx". Does "x" not work?

> On Mon, Mar 16, 2026 at 03:17:30PM +0000, Stuart Henderson wrote:
> > ok?
> >
> > ? ktrace.out > > Index: calendar.c > > =================================================================== > > RCS file: /cvs/src/usr.bin/calendar/calendar.c,v > > diff -u -p -r1.39 calendar.c > > --- calendar.c 18 Feb 2026 21:40:55 -0000 1.39 > > +++ calendar.c 16 Mar 2026 15:17:08 -0000 > > @@ -128,6 +128,8 @@ main(int argc, char *argv[]) > > if (doall) { > > if (unveil("/tmp", "rwc") == -1) > > err(1, "unveil /tmp"); > > + if (unveil("/dev/null", "rw") == -1) > > + err(1, "unveil /dev/null"); > > if (unveil("/", "r") == -1) > > err(1, "unveil /"); > > if (pledge("stdio rpath wpath cpath fattr getpw id proc exec",
> >
> >
>
> I got a mail from James J. Lippard that more unveil is needed for
> calendar -a. I did not look into it yet. Anyone using calendar
> -a who can confirm that this is also necessary?
>
> bluhm
>
> @@ -130,6 +130,10 @@ > err(1, "unveil /tmp"); > if (unveil("/", "r") == -1) > err(1, "unveil /"); > + if (unveil(_PATH_SENDMAIL, "rx") == -1) > + err(1, "unveil sendmail"); > + if (unveil(_PATH_CPP, "rx") == -1) > + err(1, "unveil sendmail"); > if (pledge("stdio rpath wpath cpath fattr getpw id proc exec", > NULL) == -1) > err(1, "pledge");
>
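Review bot: in the first hunk (calendar.c, @@ -128,6 +128,8 @@), the added unveil("/dev/null", "rw") has no comment saying what in the doall path opens /dev/null or why it needs write as well as read. Since the following unveil("/", "r") already covers read access everywhere, a one-line comment above the new call naming the consumer would let a later reader check that "rw" is the minimum needed. The "? ktrace.out" line ahead of the Index: header is stray cvs output from the working directory and should be dropped when resending.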
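Review bot: in the second hunk (@@ -130,6 +130,10 @@), the error string after unveil(_PATH_CPP, "rx") is a copy of the sendmail one, err(1, "unveil sendmail"), so a failed unveil of cpp would be reported as a sendmail failure. Change that second message to name cpp, for example err(1, "unveil cpp"). The "rx" permission on both added lines is the open question raised at the top of this reply and should be settled by testing with "x" alone before commit. This hunk's context also lacks the /dev/null unveil from the first hunk, so the two changes need to be merged into one diff.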