Stuart Henderson <s...@spacehopper.org> wrote:

> On 2024/07/18 05:27, Theo de Raadt wrote:
> > This is not right.
> >
> > Only a maximum number of unveils are allowed, before it starts returning
> > E2BIG. That amount is not a public #define, to discourage what you are
> > doing.
> >
> > You are trying to shove an unbounded number of them into the kernel, based
> > upon getenv and argv.
> >
> > When you run out, it will exit with error. That's not very nice, is it?
>
> I think the place where unveil really gives the most benefit is for
> software which needs both network and filesystem access in the same
> process. Much of the protection that Lorenz is looking for would come
> from pledge without needing to consider unveil.
That is correct. The true risks are when exploited programs have full-network and full-filesystem. This has no network, so the (incorrectly fragile) unveil use is just breaking the program.
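As an added example (my own, not code from the thread, from Theo or Stuart, or from the program being discussed), here is the shape the two points above suggest for a filesystem-only tool: pledge with no network promise carries the real protection, and unveil is treated as optional hardening that is attempted only when the path list fits a budget the program sets for itself, decided before the first unveil() call. The budget UNVEIL_BUDGET is an arbitrary local choice, not the kernel's unpublished maximum; the ENOSYS stubs for non-OpenBSD builds are also my assumption so the file compiles elsewhere.

```c
/*
 * Added example: a filesystem-only tool that relies on pledge (no "inet" or
 * "unix" promise) and bounds its own unveil use instead of feeding an
 * argv-sized list to the kernel until E2BIG.
 *
 * Assumptions: UNVEIL_BUDGET is this program's own cap, not the kernel limit;
 * on systems without pledge/unveil the two calls are stubbed to fail with
 * ENOSYS so the example still compiles and runs.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#ifdef __OpenBSD__
#include <unistd.h>
#else
/* Stand-ins for non-OpenBSD builds: report "not available", change nothing. */
static int pledge(const char *promises, const char *execpromises)
{
    (void)promises; (void)execpromises;
    errno = ENOSYS;
    return -1;
}
static int unveil(const char *path, const char *permissions)
{
    (void)path; (void)permissions;
    errno = ENOSYS;
    return -1;
}
#endif

#define UNVEIL_BUDGET 8 /* this program's own cap (assumption), kept small */

/* Decide BEFORE the first unveil() whether the path set is affordable. The
 * first successful unveil() already hides the rest of the filesystem, so
 * there is no backing out if E2BIG appears halfway through a long list. */
int unveil_affordable(size_t npaths)
{
    return npaths > 0 && npaths <= UNVEIL_BUDGET;
}

/* Returns 0 on success, -1 (errno set) if a sandbox call failed for any
 * reason other than "not available on this system". *unveiled becomes 1 only
 * when every path was unveiled and the unveil list was then locked. */
int sandbox_fs_only(const char *const *paths, size_t npaths, int *unveiled)
{
    *unveiled = 0;

    if (unveil_affordable(npaths)) {
        size_t i;
        for (i = 0; i < npaths; i++) {
            if (unveil(paths[i], "r") == -1) {
                if (errno == ENOSYS && i == 0)
                    break;      /* no unveil here; nothing has been hidden */
                return -1;      /* E2BIG etc.: view is partly hidden, fail closed */
            }
        }
        if (i == npaths) {
            if (unveil(NULL, NULL) == -1)   /* lock: no further unveil() */
                return -1;
            *unveiled = 1;
        }
    }

    /* No network promise at all: an exploited process cannot open sockets. */
    if (pledge("stdio rpath", NULL) == -1 && errno != ENOSYS)
        return -1;
    return 0;
}

int main(int argc, char *argv[])
{
    int unveiled;
    const char *const *paths = (const char *const *)(argv + 1);

    if (sandbox_fs_only(paths, (size_t)(argc - 1), &unveiled) == -1) {
        perror("sandbox");
        return 1;
    }
    printf("pledged without network; unveil %s\n",
        unveiled ? "applied" : "skipped (too many paths or unavailable)");
    return 0;
}
```

The ordering is the point: the budget check happens while the process still has a full view of the filesystem, so a too-long list degrades to "pledge only" instead of a half-applied unveil that exits with E2BIG. Whether the budget is the right answer for Lorenz's program is a separate question from the thread; the example only shows the mechanics.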