the only fs access kdump(1) needs is to the tracefile which by default is

ktrace.out unless argument -f is used. We can just unveil(2) that file with read
permissions before the pledge(2) call.

OK deraadt@

1 files changed, 3 insertions, 1 deletions

diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index b80f7450685..fdaea84b2bb 100644
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kdump.c,v 1.133 2017/11/28 15:35:02 guenther Exp $	*/
+/*	$OpenBSD: kdump.c,v 1.134 2018/08/11 11:01:37 mestre Exp $	*/
 
 /*-
  * Copyright (c) 1988, 1993
@@ -208,6 +208,8 @@ main(int argc, char *argv[])
 	if (argc > optind)
 		usage();
 
+	if (unveil(tracefile, "r") == -1)
+		err(1, "unveil");
 	if (pledge("stdio rpath getpw", NULL) == -1)
 		err(1, "pledge");