From e05dc1d889a9fcc6465932d101dfa8e0fe55ffef Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Wed, 18 Feb 2026 15:54:20 +0000
Subject: [PATCH] replace pledge "tmppath" with unveil "/tmp" "rwc" and "rpath
 wpath cpath". ok ok

---
 usr.sbin/smtpd/smtpc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/smtpd/smtpc.c b/usr.sbin/smtpd/smtpc.c
index 33d84c7c574..939b32a111e 100644
--- a/usr.sbin/smtpd/smtpc.c
+++ b/usr.sbin/smtpd/smtpc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpc.c,v 1.21 2024/05/13 06:48:26 jsg Exp $	*/
+/*	$OpenBSD: smtpc.c,v 1.22 2026/02/18 15:54:20 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2018 Eric Faurot <eric@openbsd.org>
@@ -245,7 +245,9 @@ main(int argc, char **argv)
 	} else
 		tls_config_verify(tls_config);
 
-	if (pledge("stdio inet dns tmppath", NULL) == -1)
+	if (unveil("/tmp", "rwc") == -1)
+		fatal("unveil /tmp");
+	if (pledge("stdio inet dns rpath wpath cpath", NULL) == -1)
 		fatal("pledge");
 
 	if (!noaction)