the only fs access kdump(1) needs is to the tracefile which by default is

ktrace.out unless argument -f is used. We can just unveil(2) that file with read
permissions before the pledge(2) call.

OK deraadt@

diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index b80f745..fdaea84 100644 (file)
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kdump.c,v 1.133 2017/11/28 15:35:02 guenther Exp $    */
+/*     $OpenBSD: kdump.c,v 1.134 2018/08/11 11:01:37 mestre Exp $      */
 
 /*-
  * Copyright (c) 1988, 1993
@@ -208,6 +208,8 @@ main(int argc, char *argv[])
        if (argc > optind)
                usage();
 
+       if (unveil(tracefile, "r") == -1)
+               err(1, "unveil");
        if (pledge("stdio rpath getpw", NULL) == -1)
                err(1, "pledge");