kvm_openfiles() happens before unveil. It opens these files (or falls back to defaults), stores the opened fds (but not their names) in kd, and the file names are never used later. So these unveils seem unnecessary.
I don't think the intention was to unveil before kvm_openfiles(), since then the unveils would be incomplete. Am I missing something? Index: ps.c =================================================================== RCS file: /cvs/src/bin/ps/ps.c,v retrieving revision 1.79 diff -u -p -r1.79 ps.c --- ps.c 1 Sep 2022 21:15:54 -0000 1.79 +++ ps.c 3 Oct 2022 06:14:31 -0000 @@ -287,15 +287,6 @@ main(int argc, char *argv[]) err(1, "unveil %s", _PATH_DEVDB); if (unveil(_PATH_DEV, "r") == -1 && errno != ENOENT) err(1, "unveil %s", _PATH_DEV); - if (swapf) - if (unveil(swapf, "r") == -1) - err(1, "unveil %s", swapf); - if (nlistf) - if (unveil(nlistf, "r") == -1) - err(1, "unveil %s", nlistf); - if (memf) - if (unveil(memf, "r") == -1) - err(1, "unveil %s", memf); if (pledge("stdio rpath getpw ps", NULL) == -1) err(1, "pledge");
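Review bot: in the lines removed just before the pledge() call, the three unveil() calls for swapf, nlistf and memf disappear with nothing left in the code to record why those paths need no unveil. A short comment above the remaining unveil() calls for _PATH_DEVDB and _PATH_DEV, saying the kvm files are already open by this point, would keep someone from re-adding them later. The hunk does not show the kvm_openfiles() call itself, so the change rests on the ordering described in the message. It is worth confirming by running ps with swapf, nlistf and memf each set, and checking that nothing after this point opens them by path under the remaining unveil set and the "stdio rpath getpw ps" pledge.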