Hi, The diff below unveils passwd with exactly the same ones used on vipw, the only difference is that in this case _PATH_BSHELL is used to spawn an external passwordcheck program (if defined in /etc/login.conf) instead of an EDITOR.
Tested by changing my users' passwords back and forth several times, but if you want to test this please backup your /etc/master.passwd first otherwise it may eat your kittens! OK? Index: local_passwd.c =================================================================== RCS file: /cvs/src/usr.bin/passwd/local_passwd.c,v retrieving revision 1.53 diff -u -p -u -r1.53 local_passwd.c --- local_passwd.c 30 Dec 2016 23:32:14 -0000 1.53 +++ local_passwd.c 24 Oct 2018 09:18:44 -0000 @@ -36,6 +36,7 @@ #include <err.h> #include <errno.h> #include <fcntl.h> +#include <paths.h> #include <pwd.h> #include <stdio.h> #include <stdlib.h> @@ -71,6 +72,14 @@ local_passwd(char *uname, int authentica return(1); } + if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1) + err(1, "unveil"); + if (unveil(_PATH_MASTERPASSWD, "r") == -1) + err(1, "unveil"); + if (unveil(_PATH_BSHELL, "x") == -1) + err(1, "unveil"); + if (unveil(_PATH_PWD_MKDB, "x") == -1) + err(1, "unveil"); if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1) err(1, "pledge");