From 9b5cd4f05cb6d6032b4a685026cfc7ba8556924b Mon Sep 17 00:00:00 2001
From: deraadt
Date: Tue, 7 Aug 2018 18:28:05 +0000
Subject: [PATCH] unveil can be used to restrict access to utmp and /dev

---
 usr.bin/wall/wall.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c
index b45c4e6e44b..d07e54c7d23 100644
--- a/usr.bin/wall/wall.c
+++ b/usr.bin/wall/wall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: wall.c,v 1.32 2016/08/01 20:30:25 martijn Exp $ */
+/* $OpenBSD: wall.c,v 1.33 2018/08/07 18:28:05 deraadt Exp $ */
 /* $NetBSD: wall.c,v 1.6 1994/11/17 07:17:58 jtc Exp $ */
 
 /*
@@ -115,6 +115,10 @@ main(int argc, char **argv)
 
 makemsg(*argv);
 
+ if (unveil(_PATH_UTMP, "r") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_DEV, "w") == -1)
+ err(1, "unveil");
 if (pledge("stdio rpath wpath getpw proc", NULL) == -1)
 err(1, "pledge");
 
--
2.20.1
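Review bot: Both new unveil() failure paths in main() report the identical string `err(1, "unveil")`, so a failure does not say which path was refused; naming the path, `err(1, "unveil %s", _PATH_UTMP);` and `err(1, "unveil %s", _PATH_DEV);`, keeps the two cases apart in logs. The `"w"` grant covers everything under _PATH_DEV rather than terminal devices only, so the check that a utmp line really names a tty still has to be made where the device is opened, which is outside this hunk. The placement also deserves a comment, for example `/* after makemsg(); pledge() below omits "unveil", so no further paths can be added */`, since the ordering is what makes the restriction final. main() starts and ends outside the hunk.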