From 4538572b6b255b20e2c8d3fc8d9311d6473559cb Mon Sep 17 00:00:00 2001
From: bluhm <bluhm@openbsd.org>
Date: Fri, 19 Jul 2024 15:28:51 +0000
Subject: [PATCH] unveil(2) /etc/gettytab.db in getty(8) to avoid possible
 violation.

OK deraadt@
---
 libexec/getty/main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libexec/getty/main.c b/libexec/getty/main.c
index dac5ad3449b..74b3aa27779 100644
--- a/libexec/getty/main.c
+++ b/libexec/getty/main.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.55 2024/04/28 16:42:53 florian Exp $	*/
+/*	$OpenBSD: main.c,v 1.56 2024/07/19 15:28:51 bluhm Exp $	*/
 
 /*-
  * Copyright (c) 1980, 1993
@@ -172,7 +172,8 @@ main(int argc, char *argv[])
 
 	tname = "default";
 
-	if (unveil(_PATH_GETTYTAB, "r") == -1) {
+	if (unveil(_PATH_GETTYTAB, "r") == -1 ||
+	    unveil(_PATH_GETTYTAB ".db", "r") == -1) {
 		syslog(LOG_ERR, "%s: %m", tname);
 		exit(1);
 	}
-- 
2.20.1