Currently, if an unveiled process execs another program, it doesn't inherit the unveil paths. This means that if the unveiled process hasn't pledged itself out of the exec syscall and it has a suitable binary inside its paths, it can trivially bypass unveil. Here's a short PoC: https://gist.github.com/dzwdz/d65917e52cbf68262fc7216b9f963a91
It isn't mentioned in the man pages; the only mention of that behavior is in an obscure comment deep in kern_exec.c. I wasn't able to find any rationale behind the decision to make it this way either. Is there one? If there isn't, what about changing the kernel so unveiled paths persist between execs? That would allow very easy container-like sandboxing.
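
The following is an added example, not the poster's gist and not OpenBSD source: it exercises the behaviour described above by unveiling only /bin in a child, confirming the child itself can no longer open a target file outside that path, and then execing /bin/cat on it. A second mode applies the mitigation available today, pledge(2) without the "exec" promise, before the execve. unveil(2) and pledge(2) exist only on OpenBSD; on other systems the calls are compiled as stubs that fail with ENOSYS so the file still builds, and the demo returns an "unsupported" result. The target path /etc/passwd and the result codes are this example's own choices.

```c
/*
 * Added example: does unveil(2) survive execve(2)?  Requires OpenBSD for
 * real results; elsewhere unveil/pledge are stubbed and the demo reports
 * RESULT_UNSUPPORTED.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stubs for non-OpenBSD builds: these syscalls do not exist here. */
static int unveil(const char *path, const char *permissions)
{
	(void)path; (void)permissions;
	errno = ENOSYS;
	return -1;
}
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises;
	errno = ENOSYS;
	return -1;
}
#endif

enum {
	RESULT_UNSUPPORTED = -1, /* no unveil(2)/pledge(2) on this system */
	RESULT_READ_OK = 0,      /* cat read the target: unveil did not survive exec */
	RESULT_DENIED = 1,       /* cat ran but could not read the target */
	RESULT_KILLED = 2        /* child was killed (pledge violation on execve) */
};

/* Can this process open `path` for reading right now? */
static int can_open(const char *path)
{
	int fd = open(path, O_RDONLY);
	if (fd < 0)
		return 0;
	close(fd);
	return 1;
}

/*
 * Fork a child that unveils only /bin ("rx", so /bin/cat stays executable),
 * locks unveil, verifies it can no longer open `target`, then runs
 * `cat target`.  With drop_exec != 0 the child first pledges "stdio rpath"
 * (no "exec"), so the execve is a pledge violation and the kernel kills it.
 */
static int exec_through_unveil(const char *target, int drop_exec)
{
	pid_t pid;
	int status;

	pid = fork();
	if (pid < 0)
		return RESULT_UNSUPPORTED;
	if (pid == 0) {
		if (unveil("/bin", "rx") == -1 || unveil(NULL, NULL) == -1)
			_exit(100);   /* unveil unavailable */
		if (can_open(target))
			_exit(101);   /* unveil did not restrict the child itself */
		if (drop_exec && pledge("stdio rpath", NULL) == -1)
			_exit(100);   /* pledge unavailable */
		/* /bin/cat is statically linked on OpenBSD; target is outside /bin. */
		execl("/bin/cat", "cat", target, (char *)NULL);
		_exit(102);       /* execve returned: exec was refused */
	}
	if (waitpid(pid, &status, 0) < 0)
		return RESULT_UNSUPPORTED;
	if (WIFSIGNALED(status))
		return RESULT_KILLED;
	switch (WEXITSTATUS(status)) {
	case 0:   return RESULT_READ_OK;
	case 100: return RESULT_UNSUPPORTED;
	default:  return RESULT_DENIED;
	}
}

int main(void)
{
	const char *target = "/etc/passwd";   /* readable, but outside /bin */

	printf("exec without pledge: %d (0 means cat read %s after the exec)\n",
	    exec_through_unveil(target, 0), target);
	printf("exec after pledge without \"exec\": %d (2 means the child was killed)\n",
	    exec_through_unveil(target, 1));
	return 0;
}
```

On OpenBSD the first run prints the contents of /etc/passwd and result 0, which is the bypass the post describes: the child could not open the file, but the program it exec'd could. The second run ends with the child aborted by the kernel, which is why dropping "exec" from the pledge promises is the practical fix as long as unveil is reset on exec.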
