From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: pledge/unveil for harec?
To: "Lorenz (xha)" <me@xha.li>, ports@openbsd.org
Date: Thu, 18 Jul 2024 09:31:35 -0600

  • Stuart Henderson <stu@spacehopper.org> wrote:
    
    > On 2024/07/18 05:27, Theo de Raadt wrote:
    > > This is not right.
    > > 
    > > Only a maximum number of unveil's are allowed, before it starts returning
    > > E2BIG.  That amount is not a public #define, to discourage what you are
    > > doing.
    > > 
    > > You are trying to shove an unbounded number of them into the kernel, based
    > > upon getenv and argv.
    > > 
    > > When you run out, and will exit with error.  That's not very nice is it?
    > > 
    > 
    > I think the place where unveil really gives the most benefit is for
    > software which needs both network and filesystem access in the same
    > process. Much of the protection that Lorenz is looking for would come
    > from pledge without needing to consider unveil.
    
    That is correct.
    
    The true risks are when exploited programs have full-network and
    full-filesystem.  This has no network, so the (incorrectly fragile)
    unveil use is just breaking the program.
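
The point made in this thread, as an added example that is not part of the original messages and is not harec's code: a tool with no network access whose file set comes from argv can be confined with pledge alone, so nothing in the sandbox setup scales with the number of paths. The promise strings chosen and the helpers `count_lines` and `process_inputs` are assumptions for illustration.

```c
/* Added example; promise sets and helper names are assumptions, not harec's. */
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stub so the example builds on other systems; it enforces nothing. */
static int pledge(const char *p, const char *ep) { (void)p; (void)ep; return 0; }
#endif

/* Count newlines in one input file; -1 if it cannot be opened. */
long count_lines(const char *path)
{
	FILE *f = fopen(path, "r");
	long n = 0;
	int c;
	if (f == NULL)
		return -1;
	while ((c = getc(f)) != EOF)
		n += (c == '\n');
	fclose(f);
	return n;
}

/* One pledge call covers any number of argv paths: "rpath" permits
 * read-only opens, and without "inet" or "dns" there is no network.
 * No per-path kernel state is created, so E2BIG cannot occur here. */
long process_inputs(int argc, char **argv)
{
	long total = 0, n;
	int i;
	if (pledge("stdio rpath", NULL) == -1)
		return -1;
	for (i = 1; i < argc; i++) {
		if ((n = count_lines(argv[i])) == -1)
			return -1;
		total += n;
	}
	/* Inputs consumed: drop filesystem access for the remaining work. */
	if (pledge("stdio", NULL) == -1)
		return -1;
	return total;
}

int main(int argc, char **argv)
{
	long n = process_inputs(argc, argv);
	if (n >= 0)
		printf("%ld\n", n);
	return n < 0;
}
```

On OpenBSD the second `pledge` call can only narrow the promise set, so `process_inputs` is meant to be called once per process.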
    
    
    