The look(1) program needs to open(2) and fstat(2) exactly one file during its runtime. Using unveil(2) seems like overkill here.
This seems closer to what we want:

- pledge(2) initially with "stdio rpath" at the top of main(). We know we need to read a file at this point but don't yet know which one.
- pledge(2) down to "stdio" after we have opened the file in question and called fstat(2) to get its size. The rest of the program is computation and stdio.
- Remove the unveil(2) call. We don't need it if we're only working with one file and it's already open.

Unless I have misunderstood something, we don't need "rpath" to mmap(2) the descriptor into memory after opening it, so drop "rpath" before the mmap(2) call.

ok?

Index: look.c =================================================================== RCS file: /cvs/src/usr.bin/look/look.c,v retrieving revision 1.25 diff -u -p -r1.25 look.c --- look.c 24 Oct 2021 21:24:16 -0000 1.25 +++ look.c 9 Feb 2022 01:26:38 -0000 @@ -77,6 +77,9 @@ main(int argc, char *argv[]) int ch, fd, termchar; char *back, *file, *front, *string, *p; + if (pledge("stdio rpath", NULL) == -1) + err(2, "pledge"); + file = _PATH_WORDS; termchar = '\0'; while ((ch = getopt(argc, argv, "dft:")) != -1) @@ -110,11 +113,6 @@ main(int argc, char *argv[]) usage(); } - if (unveil(file, "r") == -1) - err(2, "unveil %s", file); - if (pledge("stdio rpath", NULL) == -1) - err(2, "pledge"); - if (termchar != '\0' && (p = strchr(string, termchar)) != NULL) *++p = '\0'; @@ -122,6 +120,10 @@ main(int argc, char *argv[]) err(2, "%s", file); if (sb.st_size > SIZE_MAX) errc(2, EFBIG, "%s", file); + + if (pledge("stdio", NULL) == -1) + err(2, "pledge"); + if ((front = mmap(NULL, (size_t)sb.st_size, PROT_READ, MAP_PRIVATE, fd, (off_t)0)) == MAP_FAILED) err(2, "%s", file);
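Review bot: in the first hunk (@@ -77,6 +77,9 @@) both this pledge and the one added in the last hunk report failure with the same err(2, "pledge") string, so a failure cannot be attributed to one call or the other from the message alone. If that matters for debugging, the promise string could be included in the message. Moving the call ahead of getopt(3) is otherwise fine, since option parsing and usage() only need "stdio".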
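Review bot: in the second hunk (@@ -110,11 +113,6 @@), removing unveil(file, "r") means the open that follows is no longer confined to that one path; until the later pledge("stdio") the process holds "rpath" over the whole filesystem. Since the message says look(1) opens exactly one file, the window is short and the trade is reasonable, but the commit message should say explicitly that the drop to "stdio" is what replaces the unveil, so nobody later adds a second open after it expecting path restrictions.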
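Review bot: in the third hunk (@@ -122,6 +120,10 @@), the new pledge("stdio") relies on the mmap(2) below it being allowed without "rpath", which the message flags as unverified. pledge(2) lists mmap(2) under "stdio", and the call here uses PROT_READ with MAP_PRIVATE on an already-open descriptor, so no "prot_exec" or path promise is needed and the placement after the st_size check is correct. Worth confirming in the lines not shown that nothing past this point makes another path-based call.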