Just like in mesg(1) in biff(1) we just need to push down pledge(2) a little

bit to get the tty name. After this we can unveil(2) the tty with rw access in
order to stat(2)/chmod(2) it, once this is done we can put back the same
pledge(2) just right afterwards.

OK deraadt@

diff --git a/usr.bin/biff/biff.c b/usr.bin/biff/biff.c
index 0cf7fd5..9a43b6f 100644 (file)
--- a/usr.bin/biff/biff.c
+++ b/usr.bin/biff/biff.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: biff.c,v 1.15 2016/07/07 09:26:25 semarie Exp $       */
+/*     $OpenBSD: biff.c,v 1.16 2018/08/11 10:59:34 mestre Exp $        */
 /*     $NetBSD: biff.c,v 1.3 1995/03/26 02:34:22 glass Exp $   */
 
 /*
@@ -49,9 +49,6 @@ main(int argc, char *argv[])
        int ch;
        char *name;
 
-       if (pledge("stdio rpath fattr", NULL) == -1)
-               err(2, "pledge");
-
        while ((ch = getopt(argc, argv, "")) != -1)
                switch(ch) {
                case '?':
@@ -64,6 +61,11 @@ main(int argc, char *argv[])
        if ((name = ttyname(STDERR_FILENO)) == NULL)
                err(2, "tty");
 
+       if (unveil(name, "rw") == -1)
+               err(2, "unveil");
+       if (pledge("stdio rpath fattr", NULL) == -1)
+               err(2, "pledge");
+
        if (stat(name, &sb))
                err(2, "stat");