From: Omar Polo
Subject: Re: gotd listen process needs apply_unveil_none()
To: Stefan Sperling
Cc: gameoftrees@openbsd.org
Date: Wed, 04 Jan 2023 22:09:20 +0100

On 2023/01/04 21:57:26 +0100, Stefan Sperling wrote:
> It occurred to me that the gotd listen process is able to create
> new unix sockets via bind(2) because it does not use unveil(2)
> to block its view of the filesystem.
>
> I have verified that a socket can indeed be bound successfully after
> pledge("stdio unix"), and that bind(2) fails with ENOENT when the code
> in apply_unveil_none() is run between pledge("stdio unix") and bind(2).
>
> ok?

like it's done for the auth process. ok op@