From ed3a953df5952b0cb0531de63c91b6ecf25b7930 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Fri, 3 Aug 2018 06:55:41 +0000
Subject: [PATCH] unveil of _PATH_DEVDB "/var/run/dev.db" can be done before pledge for use by ttyname, no other files are accessed after that.
---
 usr.bin/tty/tty.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/usr.bin/tty/tty.c b/usr.bin/tty/tty.c
index 5977cf26bcc..0409f441aca 100644
--- a/usr.bin/tty/tty.c
+++ b/usr.bin/tty/tty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tty.c,v 1.10 2015/10/12 19:56:47 naddy Exp $ */
+/* $OpenBSD: tty.c,v 1.11 2018/08/03 06:55:41 deraadt Exp $ */
 /* $NetBSD: tty.c,v 1.4 1994/12/07 00:46:57 jtc Exp $ */

 /*
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include

 static void usage(void);
@@ -43,9 +44,6 @@ main(int argc, char *argv[])
 int ch, sflag;
 char *t;

- if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
-
 sflag = 0;
 while ((ch = getopt(argc, argv, "s")) != -1) {
 switch(ch) {
@@ -59,6 +57,11 @@ main(int argc, char *argv[])
 }
 }

+ if (unveil(_PATH_DEVDB, "r") == -1)
+ err(1, "unveil");
+ if (pledge("stdio rpath", NULL) == -1)
+ err(1, "pledge");
+
 t = ttyname(STDIN_FILENO);
 if (!sflag)
 puts(t ? t : "not a tty");
--
2.20.1
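Review bot: In the last hunk of usr.bin/tty/tty.c the pledge() call now sits below the getopt loop, so option parsing and usage() run before any restriction is in place, whereas the removed lines pledged first. As far as these hunks show, neither `unveil(_PATH_DEVDB, "r")` nor `pledge("stdio rpath", NULL)` depends on a parsed option, so both calls could go where the old pledge was, directly after the declarations. A comment such as `/* ttyname() only needs _PATH_DEVDB; pledge without "unveil" then locks the view */` would record why unveil must come first, and `err(1, "unveil %s", _PATH_DEVDB);` would name the path on failure. If libc's ttyname() falls back to scanning /dev when the dev.db lookup misses (not visible on this page), that fallback would now fail and a real terminal would be reported as "not a tty", which is worth confirming against the commit message's claim that no other files are accessed. main's body starts and ends outside the hunk.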