clear whitelisted-paths view in pledge.
the following diff adds a clear view of whitelisted-paths in pledge.
before, whitelisting "/usr/local/bin" path would make only "/usr/local/bin"
VNODE was present and let "/usr/local", "/usr", and "/" been ENOENT. It was a
somehow odd filesystem hierarchy, and it breaks realpath(3).
with this diff, the directories that are one of the parents of a
whitelisted-directory become visible to stat(2) related syscalls, but only
with restricted permissions: stat(2) will lie a bit, and saying they owned by
root:wheel and mode is --x--x--x. Note that only stat(2) is affected by this
"view", and the owner/mode aren't effectively changed: it is just a "lie".
while here, refactor a bit pledge_namei() in order to avoid multiple for-loop
on whitelisted-path array.
ok deraadt@
projects / openbsd / commit