From d54c1ef4ddad668bd10a4515bcf2d01d4a20d166 Mon Sep 17 00:00:00 2001
From: florian <florian@openbsd.org>
Date: Mon, 19 Sep 2022 15:36:20 +0000
Subject: [PATCH] When setting time, date(1) pledges "wpath" for logwtmp(3).
 Restrict this using unveil(2), but ignore errors if /var/log doesn't exist.
 We want to be able to set the time if the system is damanged or /var is not
 mounted yet. We also need to unveil everything for reading since we still
 allow arbitrary locations of zone info files. Hopefully that will go away
 soon. OK deraadt

---
 bin/date/date.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/bin/date/date.c b/bin/date/date.c
index 635c3f006d0..36d738a8fdb 100644
--- a/bin/date/date.c
+++ b/bin/date/date.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: date.c,v 1.57 2021/08/11 13:41:48 schwarze Exp $	*/
+/*	$OpenBSD: date.c,v 1.58 2022/09/19 15:36:20 florian Exp $	*/
 /*	$NetBSD: date.c,v 1.11 1995/09/07 06:21:05 jtc Exp $	*/
 
 /*
@@ -145,6 +145,10 @@ setthetime(char *p, const char *pformat)
 	time_t now;
 	int yearset = 0;
 
+	if (unveil("/", "r") == -1)
+		err(1, "unveil /");
+	/* Let us set the time even if logwtmp would fail. */
+	unveil("/var/log/wtmp", "w");
 	if (pledge("stdio settime rpath wpath", NULL) == -1)
 		err(1, "pledge");
 
-- 
2.20.1