Florian Obser <flor...@openbsd.org> writes:
> There are 4 or five cases how unveil is called, depending on how
> you count. The permission seems to be always a string literal or NULL.
> The path can be:
>
> 1) a string literal
> 2) a #define
> 3) a variable
> 4) the empty string literal ""
For the archives, I misremembered.
I thought
unveil("", "");
unveil(NULL, NULL);
is the special case to lock down the filestem when you can't pledge.
But it is
unveil("/", "");
unveil(NULL, NULL);
which is just case 1)
Sorry about that.
> 5) NULL
--
I'm not entirely sure you are real.
