tame "stdio rpath wpath". rpath is for localtime() and mktime(),

while wpath is for logwtmp(), a bit pessimistically since it is not clear
what could happen.
This is done AFTER the time is potentially set, since settimeofday() is
not available to us.  Improvements and tests would be welcome.

diff --git a/bin/date/date.c b/bin/date/date.c
index 6d12c7d..fb19a99 100644 (file)
--- a/bin/date/date.c
+++ b/bin/date/date.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: date.c,v 1.47 2015/04/17 16:47:47 deraadt Exp $       */
+/*     $OpenBSD: date.c,v 1.48 2015/10/07 05:59:36 deraadt Exp $       */
 /*     $NetBSD: date.c,v 1.11 1995/09/07 06:21:05 jtc Exp $    */
 
 /*
@@ -127,6 +127,9 @@ main(int argc, char *argv[])
                argc--;
        }
 
+       if (tame("stdio rpath wpath", NULL) == -1)
+               err(1, "tame");
+
        if (*argv && **argv == '+') {
                format = *argv + 1;
                argc--;