From bd3a8259235786e4aae8c7d85a014a2fd96af1c6 Mon Sep 17 00:00:00 2001 From: beck Date: Sun, 24 Mar 2019 18:43:06 +0000 Subject: Document the fact that readlink(2) can bypass restrictions as needed by realpath(3). This will go away post 6.5. ok deraadt@ --- lib/libc/sys/unveil.2 | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'lib/libc') diff --git a/lib/libc/sys/unveil.2 b/lib/libc/sys/unveil.2 index cea363a8bfc..172ca28b32e 100644 --- a/lib/libc/sys/unveil.2 +++ b/lib/libc/sys/unveil.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: unveil.2,v 1.15 2019/03/21 17:13:18 rob Exp $ +.\" $OpenBSD: unveil.2,v 1.16 2019/03/24 18:43:06 beck Exp $ .\" .\" Copyright (c) 2018 Bob Beck .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 21 2019 $ +.Dd $Mdocdate: March 24 2019 $ .Dt UNVEIL 2 .Os .Sh NAME @@ -155,6 +155,14 @@ was not accessible, or .Nm was called after locking. .El +.Sh BUGS +.Xr readlink 2 +partially bypasses +.Nm +restrictions required by +.Xr realpath 3 . +Future changes intend to repair this problem. +.Pp .Sh HISTORY The .Fn unveil -- cgit v1.2.3-59-g8ed1b
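Review bot: In the `@@ -155,6 +155,14 @@` hunk, the new BUGS text "partially bypasses unveil restrictions required by realpath(3)" parses as if realpath(3) required the restrictions, whereas the commit message says the bypass is what realpath(3) needs. Suggest wording along the lines of "partially bypasses unveil restrictions, as needed by realpath(3)", and say what "partially" covers, so that someone relying on unveil(2) for confinement can tell what readlink(2) can still do on a path that was not unveiled. Two markup points in the same hunk: the trailing `.Pp` directly before `.Sh HISTORY` is a paragraph macro with no paragraph after it and should be dropped, and the conventional mdoc(7) section order places BUGS after HISTORY, so the new section belongs below the existing `.Sh HISTORY` block rather than above it.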