pledge() a little later, after getopt operation, when we know tty name.

We can then unveil the tty file, and pledge() as before.  No other files
are accessed after that point in time.

diff --git a/usr.bin/mesg/mesg.c b/usr.bin/mesg/mesg.c
index e7e9600..a2dc944 100644 (file)
--- a/usr.bin/mesg/mesg.c
+++ b/usr.bin/mesg/mesg.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mesg.c,v 1.12 2016/07/07 09:26:26 semarie Exp $       */
+/*     $OpenBSD: mesg.c,v 1.13 2018/08/03 06:57:34 deraadt Exp $       */
 /*     $NetBSD: mesg.c,v 1.4 1994/12/23 07:16:32 jtc Exp $     */
 
 /*
@@ -52,9 +52,6 @@ main(int argc, char *argv[])
        char *tty;
        int ch;
 
-       if (pledge("stdio rpath fattr", NULL) == -1)
-               err(2, "pledge");
-
        while ((ch = getopt(argc, argv, "")) != -1)
                switch (ch) {
                case '?':
@@ -66,6 +63,12 @@ main(int argc, char *argv[])
 
        if ((tty = ttyname(STDERR_FILENO)) == NULL)
                err(2, "ttyname");
+
+       if (unveil(tty, "rw") == -1)
+               err(1, "unveil");
+       if (pledge("stdio rpath fattr", NULL) == -1)
+               err(1, "unveil");
+
        if (stat(tty, &sb) < 0)
                err(2, "%s", tty);