Hi,
kdump(1) only needs access to tracefile which by default is ktrace.out unless
argument -f is used. We can just unveil(2) that file with read permissions.
I tried it with all possible arguments just to make sure nothing breaks.
Comments? OK?
Index: kdump.c
===================================================================
RCS file: /cvs/src/usr.bin/kdump/kdump.c,v
retrieving revision 1.133
diff -u -p -u -r1.133 kdump.c
--- kdump.c 28 Nov 2017 15:35:02 -0000 1.133
+++ kdump.c 10 Aug 2018 13:12:03 -0000
@@ -208,6 +208,8 @@ main(int argc, char *argv[])
if (argc > optind)
usage();
+ if (unveil(tracefile, "r") == -1)
+ err(1, "unveil");
if (pledge("stdio rpath getpw", NULL) == -1)
err(1, "pledge");
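Review bot: the pledge right after the new unveil(tracefile, "r") call still carries "getpw" next to "rpath", so kdump expects to read the password database after this point, yet tracefile is now the only path left visible. Please confirm that the user name lookups still resolve on a trace that exercises them, and if they do not, unveil the files they need before the pledge call. A smaller point on the same two added lines: err(1, "unveil %s", tracefile) would name the path that failed, which helps when -f points at a file that does not exist.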