millert points out I can just call tzset() early to avoid having to

permit access() in the child.

diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c
index 2d65e65..81294d8 100644 (file)
--- a/usr.bin/file/file.c
+++ b/usr.bin/file/file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: file.c,v 1.43 2015/05/29 12:33:41 nicm Exp $ */
+/* $OpenBSD: file.c,v 1.44 2015/05/29 15:58:34 nicm Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -31,6 +31,7 @@
 #include <fcntl.h>
 #include <pwd.h>
 #include <stdlib.h>
+#include <time.h>
 #include <unistd.h>
 
 #include "file.h"
@@ -123,6 +124,8 @@ main(int argc, char **argv)
        struct input_ack        *ack;
        pid_t                    pid, parent;
 
+       tzset();
+
        for (;;) {
                opt = getopt_long(argc, argv, "bchiLsW", longopts, NULL);
                if (opt == -1)

diff --git a/usr.bin/file/sandbox.c b/usr.bin/file/sandbox.c
index 3831835..597997a 100644 (file)
--- a/usr.bin/file/sandbox.c
+++ b/usr.bin/file/sandbox.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox.c,v 1.6 2015/05/29 12:38:28 nicm Exp $ */
+/* $OpenBSD: sandbox.c,v 1.7 2015/05/29 15:58:34 nicm Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -40,7 +40,6 @@ static const struct
 } allowed_syscalls[] = {
        { SYS_open, SYSTR_POLICY_NEVER }, /* for strerror */
 
-       { SYS_access, SYSTR_POLICY_PERMIT },
        { SYS_close, SYSTR_POLICY_PERMIT },
        { SYS_exit, SYSTR_POLICY_PERMIT },
        { SYS_fcntl, SYSTR_POLICY_PERMIT },