unveil is nowhere to be found in the ftp program source code. There’s
probably another way to do it, but I wrote a program and searched all files
in /usr/src/usr.bin/ftp/ contain no mention of “unveil”, but It mentions
“pledge”
It could take 3 lines at line 389 in /usr/src/usr.bin/ftp/main.c:
if (strcmp(outfile, "-"))
if (unveil(outfile, "cw") == -1)
err(1, "unveil");
and an unveil for whatever (I presume config file(s)) ftp reads and
whatever is executed.
It has rpath and exec among other pledges, but has cpath and wpath only if
a file is specified with the ‘-o’ flag.
--
-Luke
