Theo de Raadt wrote:
> > unveil isn't really buying much if you pledge "rpath" immediately after,
> > so if you want just add another pledge here instead, that is fine.
> > "rpath" is obviously cheaper than unveil of even 1 file.
Here is a diff that simply adds another pledge. The attack surface here is kinda nonexistent, but no reason why it needs the ability to write files either.

Index: file.c =================================================================== RCS file: /cvs/src/usr.bin/file/file.c,v retrieving revision 1.66 diff -u -p -r1.66 file.c --- file.c 15 Jan 2018 19:45:51 -0000 1.66 +++ file.c 4 Jan 2019 16:50:11 -0000 @@ -168,6 +168,9 @@ main(int argc, char **argv) } else if (argc == 0) usage(); + if (pledge("stdio rpath getpw recvfd sendfd id proc", NULL) == -1) + err(1, "pledge"); + magicfp = NULL; if (geteuid() != 0 && !issetugid()) { home = getenv("HOME");
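Review bot: the added pledge(2) call is unconditional and sits before the HOME lookup and the magic-file handling, so every later pledge(2) call in file.c (none are visible in this hunk) must request a subset of "stdio rpath getpw recvfd sendfd id proc"; pledge can only narrow the promise set, and a later call that asks for a promise not granted here fails with EPERM instead of widening access, which with the err(1, "pledge") idiom used in the hunk would abort file(1) at that point. Worth checking the remaining pledge() strings in file.c against this list before committing; with that confirmed, dropping the implicit write ability here is the right direction and the hunk itself reads fine.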