===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/who/who.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -c -r1.27 -r1.28
*** src/usr.bin/who/who.c	2015/10/21 16:06:57	1.27
--- src/usr.bin/who/who.c	2018/08/08 22:55:14	1.28
***************
*** 1,4 ****
! /*	$OpenBSD: who.c,v 1.27 2015/10/21 16:06:57 millert Exp $	*/
  /*	$NetBSD: who.c,v 1.4 1994/12/07 04:28:49 jtc Exp $	*/
  
  /*
--- 1,4 ----
! /*	$OpenBSD: who.c,v 1.28 2018/08/08 22:55:14 deraadt Exp $	*/
  /*	$NetBSD: who.c,v 1.4 1994/12/07 04:28:49 jtc Exp $	*/
  
  /*
***************
*** 74,80 ****
  
  	setlocale(LC_ALL, "");
  
! 	if (pledge("stdio rpath getpw", NULL) == -1)
  		err(1, "pledge");
  
  	if ((mytty = ttyname(0))) {
--- 74,80 ----
  
  	setlocale(LC_ALL, "");
  
! 	if (pledge("stdio unveil rpath getpw", NULL) == -1)
  		err(1, "pledge");
  
  	if ((mytty = ttyname(0))) {
***************
*** 122,129 ****
--- 122,133 ----
  	if (show_labels)
  		output_labels();
  
+ 	if (unveil(_PATH_UTMP, "r") == -1)
+ 		err(1, "unveil");
  	switch (argc) {
  	case 0:					/* who */
+ 		if (pledge("stdio rpath getpw", NULL) == -1)
+ 			err(1, "pledge");
  		ufp = file(_PATH_UTMP);
  
  		if (only_current_term) {
***************
*** 150,155 ****
--- 154,163 ----
  		}
  		break;
  	case 1:					/* who utmp_file */
+ 		if (unveil(*argv, "r") == -1)
+ 			err(1, "unveil");
+ 		if (pledge("stdio rpath getpw", NULL) == -1)
+ 			err(1, "pledge");
  		ufp = file(*argv);
  
  		if (only_current_term) {
***************
*** 175,180 ****
--- 183,190 ----
  		}
  		break;
  	case 2:					/* who am i */
+ 		if (pledge("stdio rpath getpw", NULL) == -1)
+ 			err(1, "pledge");
  		ufp = file(_PATH_UTMP);
  		who_am_i(ufp);
  		break;