On Fri, Aug 30, 2024 at 08:44:12PM GMT, Theo de Raadt wrote:
> Chaz Kettleson <c...@pyr3x.com> wrote:
>
> > My general thought here was since I only needed wpath/cpath for pid/log
> > files, and I was not going to patch for syslog (still need to write pid
> > anyway), I would at least unveil for only those files. The idea of
> > unveil("/", "") just seemed like a sane default from other domains where
> > a "block all, explicitly allow" makes sense.
>
> It is not sane. But also, it is not idiomatic. You can't find this in
> any other code. You made it up, it's an assumption that "everything
> possible should be used, it is all free". Try to explain what this does
> and why it is needed and why no one else uses it? You won't find a reason.
>
Indeed. I think I got a bit carried away with excitement trying out pledge/unveil.

I've taken some time to study how pledge/unveil are used in other ports, as well as in base. I've also taken some time to study additional code paths of the port based on options selected. I'll cook some new diffs based on this analysis for review.

Thanks again for all the feedback!

--
Chaz
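For reference, the idiomatic shape of what the thread is discussing (unveil only the pid file and the log file, lock the view, then pledge to matching promises, with no unveil("/", "") step) looks like the following. This is an added example written for this page, not the port's code and not code from OpenBSD base; the paths, the function names unveil_pidlog/pledge_pidlog/late_unveil_rejected, and the non-OpenBSD stand-in for the two syscalls are all assumptions made here so the block compiles elsewhere.

```c
/*
 * Added example (not the port's or OpenBSD's own code): the idiomatic
 * unveil(2)/pledge(2) sequence for a daemon that only needs to create and
 * write a pid file and a log file. Paths and function names are made up.
 *
 * Order:
 *   1. unveil() exactly the files that will be touched;
 *   2. unveil(NULL, NULL) to lock the view, after which further unveil()
 *      calls fail with EPERM;
 *   3. pledge() to the promises that match the unveil permissions.
 * Nothing is gained by unveil("/", ""): once any path has been unveiled,
 * every path that was not unveiled is already inaccessible.
 */
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

#ifndef __OpenBSD__
/*
 * Stand-in so the example compiles on other systems (assumption: on
 * OpenBSD the real syscalls declared in <unistd.h> are used instead).
 * It models only the lock rule: unveil() after unveil(NULL, NULL) fails
 * with EPERM.
 */
static int unveil_locked;

static int
unveil(const char *path, const char *permissions)
{
	if (unveil_locked) {
		errno = EPERM;
		return -1;
	}
	if (path == NULL && permissions == NULL)
		unveil_locked = 1;
	return 0;
}

static int
pledge(const char *promises, const char *execpromises)
{
	(void)promises;
	(void)execpromises;
	return 0;
}
#endif

/*
 * Step 1 and 2: restrict the filesystem view to pidfile and logfile and
 * lock it. Returns 0 on success, -1 with errno set, like the syscalls.
 */
int
unveil_pidlog(const char *pidfile, const char *logfile)
{
	if (pidfile == NULL || logfile == NULL) {
		errno = EINVAL;
		return -1;
	}
	/* "cw": the files may not exist yet (their directory must);
	 * open(2) with O_CREAT needs "c", the writes need "w". */
	if (unveil(pidfile, "cw") == -1)
		return -1;
	if (unveil(logfile, "cw") == -1)
		return -1;
	/* Lock the unveil set; nothing can be added to it later. */
	return unveil(NULL, NULL);
}

/*
 * Step 3: drop to the promises the rest of the daemon needs. wpath and
 * cpath correspond to the "w" and "c" unveil permissions above; the
 * "unveil" promise is deliberately absent.
 */
int
pledge_pidlog(void)
{
	return pledge("stdio wpath cpath", NULL);
}

/*
 * Demonstrates the lock: called after unveil_pidlog() and before
 * pledge_pidlog(), an attempt to widen the view must fail with EPERM.
 * Returns 1 if it was rejected as expected, 0 otherwise.
 */
int
late_unveil_rejected(void)
{
	if (unveil("/etc", "r") == 0)
		return 0;
	return errno == EPERM;
}
```

A daemon would call unveil_pidlog() and then pledge_pidlog() once, early in main() after option parsing has fixed the two paths; late_unveil_rejected() exists only to show that the lock holds.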