When setting time, date(1) pledges "wpath" for logwtmp(3). Restrict

this using unveil(2), but ignore errors if /var/log doesn't exist. We
want to be able to set the time if the system is damanged or /var is
not mounted yet.
We also need to unveil everything for reading since we still allow
arbitrary locations of zone info files. Hopefully that will go away
soon.
OK deraadt

diff --git a/bin/date/date.c b/bin/date/date.c
index 635c3f0..36d738a 100644 (file)
--- a/bin/date/date.c
+++ b/bin/date/date.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: date.c,v 1.57 2021/08/11 13:41:48 schwarze Exp $      */
+/*     $OpenBSD: date.c,v 1.58 2022/09/19 15:36:20 florian Exp $       */
 /*     $NetBSD: date.c,v 1.11 1995/09/07 06:21:05 jtc Exp $    */
 
 /*
@@ -145,6 +145,10 @@ setthetime(char *p, const char *pformat)
        time_t now;
        int yearset = 0;
 
+       if (unveil("/", "r") == -1)
+               err(1, "unveil /");
+       /* Let us set the time even if logwtmp would fail. */
+       unveil("/var/log/wtmp", "w");
        if (pledge("stdio settime rpath wpath", NULL) == -1)
                err(1, "pledge");