Hi, Just like in mesg(1) in biff(1) we just need to push down pledge a little bit to get the tty name. After this we can unveil the tty with rw access in order to stat(2)/chmod(2) it, once this is done we can put back the same pledge(2) just right afterwards.
OK? Index: biff.c =================================================================== RCS file: /cvs/src/usr.bin/biff/biff.c,v retrieving revision 1.15 diff -u -p -u -r1.15 biff.c --- biff.c 7 Jul 2016 09:26:25 -0000 1.15 +++ biff.c 10 Aug 2018 09:48:25 -0000 @@ -49,9 +49,6 @@ main(int argc, char *argv[]) int ch; char *name; - if (pledge("stdio rpath fattr", NULL) == -1) - err(2, "pledge"); - while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { case '?': @@ -63,6 +60,11 @@ main(int argc, char *argv[]) if ((name = ttyname(STDERR_FILENO)) == NULL) err(2, "tty"); + + if (unveil(name, "rw") == -1) + err(2, "unveil"); + if (pledge("stdio rpath fattr", NULL) == -1) + err(2, "pledge"); if (stat(name, &sb)) err(2, "stat");