Hi,

The code path where we pass `pathname' in the arguments is already limited with pledge(2), but since we know exactly what it is, we can go further and also unveil(2) it with read permissions.
Comments? OK? Index: getconf.c =================================================================== RCS file: /cvs/src/usr.bin/getconf/getconf.c,v retrieving revision 1.19 diff -u -p -u -r1.19 getconf.c --- getconf.c 28 Oct 2016 07:22:59 -0000 1.19 +++ getconf.c 25 Oct 2018 10:12:31 -0000 @@ -513,6 +513,8 @@ main(int argc, char *argv[]) break; case PATHCONF: + if (unveil(argv[1], "r") == -1) + err(1, "unveil"); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); errno = 0;
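Review bot: in the PATHCONF case, the added err(1, "unveil") reports a failure without naming the path, even though argv[1] comes straight from the command line; consider err(1, "unveil %s", argv[1]) so the diagnostic shows which pathname could not be unveiled. The ordering itself is fine: unveil(2) is called before pledge("stdio rpath", NULL), and since that pledge carries no "unveil" promise, further unveil calls are refused afterwards, so no separate unveil(NULL, NULL) is needed to lock the view.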