From 79c1e983a5afdc9af61f455cd00f964772cde4be Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Wed, 8 Aug 2018 22:59:34 +0000
Subject: lockspool only plays with files in _PATH_MAILDIR, so unveil that
 path.

---
 libexec/lockspool/lockspool.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'libexec/lockspool')

diff --git a/libexec/lockspool/lockspool.c b/libexec/lockspool/lockspool.c
index 4192929f47f..6f21c08b100 100644
--- a/libexec/lockspool/lockspool.c
+++ b/libexec/lockspool/lockspool.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lockspool.c,v 1.18 2015/11/24 00:19:29 deraadt Exp $	*/
+/*	$OpenBSD: lockspool.c,v 1.19 2018/08/08 22:59:33 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1998 Theo de Raadt <deraadt@theos.com>
@@ -32,6 +32,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <stdio.h>
+#include <paths.h>
 #include <stdlib.h>
 #include <poll.h>
 #include <err.h>
@@ -52,6 +53,8 @@ main(int argc, char *argv[])
 	char *from, c;
 	int holdfd;
 
+	if (unveil(_PATH_MAILDIR, "rwc") == -1)
+		err(1, "unveil");
 	if (pledge("stdio rpath wpath getpw cpath fattr", NULL) == -1)
 		err(1, "pledge");
 
-- 
cgit v1.2.3