Mailing List Archive | ports@openbsd.org

From:: "Theo de Raadt" <deraadt@openbsd.org>
Subject:: Re: pledge/unveil for harec?
To:: "Lorenz (xha)" <me@xha.li>
Cc:: ports@openbsd.org
Date:: Thu, 18 Jul 2024 05:27:34 -0600

Download raw body.

Thread

2024-07-18 08:07 Lorenz (xha):
pledge/unveil for harec?
- 2024-07-18 11:27 Theo de Raadt:
  pledge/unveil for harec?
- - 2024-07-18 11:59 Stuart Henderson:
    pledge/unveil for harec?
  - - 2024-07-18 12:21 Tobias Heider:
      pledge/unveil for harec?

This is not right.

Only a maximum number of unveil's are allowed, before it starts returning
E2BIG.  That amount is not a public #define, to discourage what you are
doing.

You are trying to shove an unbounded number of them into the kernel, based
upon getenv and argv.

When you run out, and will exit with error.  That's not very nice is it?

2024-07-18 08:07 Lorenz (xha):
pledge/unveil for harec?
- 2024-07-18 11:27 Theo de Raadt:
  pledge/unveil for harec?
- - 2024-07-18 11:59 Stuart Henderson:
    pledge/unveil for harec?
  - - 2024-07-18 12:21 Tobias Heider:
      pledge/unveil for harec?