From 51d464e83edf6be0780db4da822f6b389d86d136 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Mon, 24 Sep 2018 22:56:54 +0000
Subject: [PATCH] unveil maildir, utmp, /tmp, and /dev. For the vast number of people using biff.
---
libexec/comsat/comsat.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index df7283b29ac..3a90d34d94a 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: comsat.c,v 1.48 2017/04/03 17:23:39 tedu Exp $ */
+/* $OpenBSD: comsat.c,v 1.49 2018/09/24 22:56:54 deraadt Exp $ */
 /*
 * Copyright (c) 1980, 1993
@@ -91,6 +91,14 @@ main(int argc, char *argv[])
 exit(1);
 }
+ if (unveil(_PATH_MAILDIR, "r") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_UTMP, "r") == -1)
+ err(1, "unveil");
+ if (unveil("/tmp", "w") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_DEV, "rw") == -1)
+ err(1, "unveil");
 if (pledge("stdio rpath wpath proc tty", NULL) == -1)
 err(1, "pledge");
--
2.20.1
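Review bot: The four added `err(1, "unveil")` calls in main() all print the same message, so a failure does not say which path could not be unveiled. Pass the path in the format, e.g. `err(1, "unveil %s", _PATH_MAILDIR);`, and likewise for `_PATH_UTMP`, `"/tmp"` and `_PATH_DEV`. The hunk also grants `"w"` on `/tmp` and `"rw"` on all of `_PATH_DEV` without a comment. The opens that need them are outside the hunk, so a short comment above the block naming what comsat opens under each path would let a reader check that the unveiled set is minimal. main() starts and ends outside the hunk.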