Hi,

The code path where we pass `pathname' in the arguments is already limited
with pledge(2), but since we know exactly what it is then we can go further and
also unveil(2) it with read permissions.

Comments? OK?

Index: getconf.c
===================================================================
RCS file: /cvs/src/usr.bin/getconf/getconf.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 getconf.c
--- getconf.c   28 Oct 2016 07:22:59 -0000      1.19
+++ getconf.c   25 Oct 2018 10:12:31 -0000
@@ -513,6 +513,8 @@ main(int argc, char *argv[])
                break;
 
        case PATHCONF:
+               if (unveil(argv[1], "r") == -1)
+                       err(1, "unveil");
                if (pledge("stdio rpath", NULL) == -1)
                        err(1, "pledge");
                errno = 0;
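Review bot: the err(1, "unveil") call added in the PATHCONF case does not name the path, so a failure on the user-supplied operand is reported only as "unveil" plus the errno string; consider err(1, "unveil %s", argv[1]) so the message identifies the argument. The visible context does not show the argument-count check, so please confirm that argv[1] is guaranteed non-NULL here and is the same string later passed as the pathname. Calling unveil before pledge("stdio rpath", NULL) is the right order, since that promise set omits "unveil" and no further unveil calls are possible afterwards.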
