When setting time, date(1) pledges "wpath" for logwtmp(3). Restrict

this using unveil(2), but ignore errors if /var/log doesn't exist. We
want to be able to set the time if the system is damanged or /var is
not mounted yet.
We also need to unveil everything for reading since we still allow
arbitrary locations of zone info files. Hopefully that will go away
soon.
OK deraadt

1 files changed, 5 insertions, 1 deletions

diff --git a/bin/date/date.c b/bin/date/date.c
index 635c3f006d0..36d738a8fdb 100644
--- a/bin/date/date.c
+++ b/bin/date/date.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: date.c,v 1.57 2021/08/11 13:41:48 schwarze Exp $	*/
+/*	$OpenBSD: date.c,v 1.58 2022/09/19 15:36:20 florian Exp $	*/
 /*	$NetBSD: date.c,v 1.11 1995/09/07 06:21:05 jtc Exp $	*/
 
 /*
@@ -145,6 +145,10 @@ setthetime(char *p, const char *pformat)
 	time_t now;
 	int yearset = 0;
 
+	if (unveil("/", "r") == -1)
+		err(1, "unveil /");
+	/* Let us set the time even if logwtmp would fail. */
+	unveil("/var/log/wtmp", "w");
 	if (pledge("stdio settime rpath wpath", NULL) == -1)
 		err(1, "pledge");