From c83e16d65d535e2ec8a3c0e8590d3640e4568c9f Mon Sep 17 00:00:00 2001
From: ajacoutot <>
Date: Thu, 19 Jan 2017 06:48:50 +0000
Subject: [PATCH] Add the _syspatch user/group: an unprivileged user for
 syspatch(8) used to fetch and verify patches.

discussed with deraadt@ rpe@
ok deraadt@
---
 src/etc/group         | 1 +
 src/etc/mail/aliases  | 3 ++-
 src/etc/master.passwd | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/etc/group b/src/etc/group
index 69c24083..486b90e8 100644
--- a/src/etc/group
+++ b/src/etc/group
@@ -76,6 +76,7 @@ _vmd:*:107:
 _tftp_proxy:*:108:
 _ftp_proxy:*:109:
 _sndiop:*:110:
+_syspatch:*:112:
 dialer:*:117:
 nogroup:*:32766:
 nobody:*:32767:
diff --git a/src/etc/mail/aliases b/src/etc/mail/aliases
index f75bc400..d01ef71a 100644
--- a/src/etc/mail/aliases
+++ b/src/etc/mail/aliases
@@ -1,5 +1,5 @@
 #
-#	$OpenBSD: aliases,v 1.62 2016/12/27 12:41:40 jca Exp $
+#	$OpenBSD: aliases,v 1.63 2017/01/19 06:48:50 ajacoutot Exp $
 #
 #  Aliases in this file will NOT be expanded in the header from
 #  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
@@ -77,6 +77,7 @@ nobody:	/dev/null
 _tftp_proxy: /dev/null
 _ftp_proxy: /dev/null
 _sndiop: /dev/null
+_syspatch: /dev/null
 sshd:   /dev/null
 
 # Well-known aliases -- these should be filled in!
diff --git a/src/etc/master.passwd b/src/etc/master.passwd
index cec7b630..e56895c6 100644
--- a/src/etc/master.passwd
+++ b/src/etc/master.passwd
@@ -59,4 +59,5 @@ _vmd:*:107:107::0:0:VM Daemon:/var/empty:/sbin/nologin
 _tftp_proxy:*:108:108::0:0:tftp proxy daemon:/nonexistent:/sbin/nologin
 _ftp_proxy:*:109:109::0:0:ftp proxy daemon:/nonexistent:/sbin/nologin
 _sndiop:*:110:110::0:0:sndio privileged user:/var/empty:/sbin/nologin
+_syspatch:*:112:112::0:0:syspatch unprivileged user:/var/empty:/sbin/nologin
 nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin