> "Theo de Raadt" <[email protected]> wrote:
> Have you found anything which implies that unveil persists?
I haven't found anything which implies that unveil doesn't persist either.
Do you think that the documentation should keep developers guessing?

> unveil and pledge exist for a process to *PROTECT AGAINST ITS OWN
> MISBEHAVIOUR*.
> 
> If you use "exec", you have intentionally and visibly opened an escape
> hatch to run other programs, which are EXPECTED to self-protect against
> their own misbehaviour.
Yet, the documentation doesn't warn about it. It's an easy mistake to make.
Let's say that I want to write a program that is unable to write to the
filesystem, so I put this in main():
        unveil("/", "rx");
        unveil(NULL, NULL);
Obviously, an attacker could easily bypass this with exec. How was I
supposed to know that, if not from the docs?
