Document the fact that readlink(2) can bypass restrictions as needed

by realpath(3). This will go away post 6.5. ok deraadt@
author: beck <beck@openbsd.org> 2019-03-24 18:43:06 +0000
committer: beck <beck@openbsd.org> 2019-03-24 18:43:06 +0000
commit: bd3a8259235786e4aae8c7d85a014a2fd96af1c6 (patch)
tree: f9dda5747415ee75634ca70153254a684311a734 /lib/libc
parent: virtio: Add a few feature bit defines and names (diff)
download: wireguard-openbsd-bd3a8259235786e4aae8c7d85a014a2fd96af1c6.tar.xz
wireguard-openbsd-bd3a8259235786e4aae8c7d85a014a2fd96af1c6.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/libc/sys/unveil.2 b/lib/libc/sys/unveil.2
index cea363a8bfc..172ca28b32e 100644
--- a/lib/libc/sys/unveil.2
+++ b/lib/libc/sys/unveil.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: unveil.2,v 1.15 2019/03/21 17:13:18 rob Exp $
+.\" $OpenBSD: unveil.2,v 1.16 2019/03/24 18:43:06 beck Exp $
 .\"
 .\" Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 21 2019 $
+.Dd $Mdocdate: March 24 2019 $
 .Dt UNVEIL 2
 .Os
 .Sh NAME
@@ -155,6 +155,14 @@ was not accessible, or
 .Nm
 was called after locking.
 .El
+.Sh BUGS
+.Xr readlink 2
+partially bypasses
+.Nm
+restrictions required by
+.Xr realpath 3 .
+Future changes intend to repair this problem.
+.Pp
 .Sh HISTORY
 The
 .Fn unveil
author	beck <beck@openbsd.org>	2019-03-24 18:43:06 +0000
committer	beck <beck@openbsd.org>	2019-03-24 18:43:06 +0000
commit	bd3a8259235786e4aae8c7d85a014a2fd96af1c6 (patch)
tree	f9dda5747415ee75634ca70153254a684311a734 /lib/libc
parent	virtio: Add a few feature bit defines and names (diff)
download	wireguard-openbsd-bd3a8259235786e4aae8c7d85a014a2fd96af1c6.tar.xz wireguard-openbsd-bd3a8259235786e4aae8c7d85a014a2fd96af1c6.zip