commit 372a3fbe653303623b07120cd1c59c44bc01a98e
from: Martijn van Duren
date: Wed Feb 25 11:11:57 2026 UTC
tmppath is going away, use unveil(/tmp) + pledge(rpath wpath cpath)
commit - 3b048969957965668db0513c3bf3da410aadd305
commit + 372a3fbe653303623b07120cd1c59c44bc01a98e
blob - 011d047d5401c07146103693f7b58fc5289bdf94
blob + 5e93f61fd77a7063fb3e5b76e8abf5ec1508bfab
--- Makefile.gnu
+++ Makefile.gnu
@@ -2,8 +2,8 @@ LOCALBASE?= /usr/
 PROG= filter-dkimsign
 MAN= filter-dkimsign.8
-BINDIR= ${LOCALBASE}/libexec/opensmtpd/
-MANDIR= ${LOCALBASE}/share/man/man8
+BINDIR?= ${LOCALBASE}/libexec/opensmtpd/
+MANDIR?= ${LOCALBASE}/share/man/man8
 SRCS+= main.c mheader.c
@@ -39,6 +39,7 @@ NEED_REALLOCARRAY?= 1
 NEED_RECALLOCARRAY?= 1
 NEED_STRLCAT?= 1
 NEED_STRTONUM?= 1
+NEED_UNVEIL?= 1
 NEED_PLEDGE?= 1
 MANFORMAT?= mangz
@@ -87,6 +88,9 @@ CFLAGS+= -DNEED_STRTONUM=1
 strtonum.o: ${CURDIR}/openbsd-compat/strtonum.c
 ${CC} ${CFLAGS} -c -o strtonum.o ${CURDIR}/openbsd-compat/strtonum.c
 endif
+ifeq (${NEED_UNVEIL}, 1)
+CFLAGS+= -DNEED_UNVEIL=1
+endif
 ifeq (${NEED_PLEDGE}, 1)
 CFLAGS+= -DNEED_PLEDGE=1
 endif
blob - c6588e444e83cdff91e38513347f71cd16bb5651
blob + b1027a5fcadf7e974cff462f4316f837c81d5565
--- main.c
+++ main.c
@@ -22,6 +22,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -220,7 +221,9 @@ main(int argc, char *argv[])
 OpenSSL_add_all_digests();
- if (pledge("tmppath stdio", NULL) == -1)
+ if (unveil(_PATH_TMP, "rwc") == -1)
+ osmtpd_err(1, "unveil");
+ if (pledge("stdio rpath wpath cpath", NULL) == -1)
 osmtpd_err(1, "pledge");
 if ((hash_md = EVP_get_digestbyname(hashalg)) == NULL)
blob - b142c5d7f5b60b9eecd9bc79df3bc793505acb49
blob + fb2f1d5192b9e651491b2cbdbdd1f5817afcddde
--- openbsd-compat/openbsd-compat.h
+++ openbsd-compat/openbsd-compat.h
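Review bot: In main(), the promise set that replaces `tmppath` looks broader than what it replaces: after `unveil(_PATH_TMP, "rwc")` and `pledge("stdio rpath wpath cpath", NULL)` the process may open, create and remove any path under /tmp that file permissions allow, where `tmppath` (as far as I know) covered only a narrow set of temporary-file operations. Nothing in the new lines records that this is deliberate or that the unveil view is final. I would add a comment above the two calls, e.g. `/* tmppath is gone: fs access is confined to _PATH_TMP; pledge omits "unveil", so no further paths can be unveiled */`. main() begins and continues outside the hunk, so how the temporary files themselves are created cannot be checked from here.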
@@ -45,6 +45,13 @@ size_t strlcpy(char *dst, const char *src, size_t size
 #ifdef NEED_STRTONUM
 long long strtonum(const char *nptr, long long minval, long long maxval, const char **errstr);
 #endif
+#ifdef NEED_UNVEIL
+static inline int
+unveil(const char *path, const char *permissions)
+{
+ return 0;
+}
+#endif
 #ifdef NEED_PLEDGE
 static inline int
 pledge(const char *promises, const char *execpromises)
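Review bot: The `unveil()` stub added under `NEED_UNVEIL` returns 0 unconditionally, so on builds that use it the `unveil(_PATH_TMP, "rwc")` call in main.c reports success while applying no filesystem restriction, and the header does not say so. I would add a comment above the stub such as `/* no-op: this platform has no unveil(2); no path restriction is applied */`, so that packagers do not assume the confinement carries over. Both parameters are also unused, which draws warnings under `-Wextra`; `(void)path; (void)permissions;` before the `return 0;` silences them. The `pledge()` stub that follows continues outside the hunk and appears to follow the same pattern.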