look(1): use a stricter pledge(2) in lieu of unveil(2)
We're only reading one file here, so unveil(2) is overkill. We can
achieve the same effect with just pledge(2):
- Start with an initial pledge(2) of "stdio rpath" at the top of main().
We know we need to read a file at this point but don't yet know which
one.
- Drop the pledge(2) down to "stdio" after we open(2) and fstat(2) the
chosen file.
- Dropping "rpath" obviates unveil(2).
Thread: https://marc.info/?l=openbsd-tech&m=
164437072017248&w=2
ok millert@
projects / openbsd / commit