Created attachment 201301 [details] patch In r306761 when write(1) was capsicumized, a call to setutxent() was added to load up the utx db before entering capabilities mode. However, the other setutxent() calls in later functions were left in place, so the actual getutx*() calls would still fail, making write unable to find any users. -CURRENT presumably needs a similar patch. Attach patch applies cleanly to -CURRENT, but I've only tested on stable/12.
This looks good to me, and seems to fix write(1).
A commit references this bug: Author: markj Date: Wed Jan 23 20:02:18 UTC 2019 New revision: 343354 URL: https://svnweb.freebsd.org/changeset/base/343354 Log: Remove extraneous setutxent() calls in write(1). We already call setutxent() once during initialization. Furthermore, the subsequent calls occur after the process has entered capability mode, so they fail, and attempts to fetch database entries fail as a result. PR: 235096 Submitted by: fullermd@over-yonder.net MFC after: 3 days Changes: head/usr.bin/write/write.c
Ping: doesn't seem to have made it down the MFC chute.
A commit references this bug: Author: markj Date: Sat Mar 9 21:09:44 UTC 2019 New revision: 344973 URL: https://svnweb.freebsd.org/changeset/base/344973 Log: MFC r343354: Remove extraneous setutxent() calls in write(1). PR: 235096 Changes: _U stable/12/ stable/12/usr.bin/write/write.c
Thanks for poking me, not sure how I missed it.