*Open* files at the start, then unveil. The same overall
behaviour is observed. In the case that invalid arguments
are given, simply opening a file does not cause much
performance impact (if any).
Restrict operations as early as possible in code.
Bonus:
writeGbeFile also hardened; if flags is O_RDONLY, it aborts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i screwed up in an earlier commit
this change fixes a bug where on rhex(), each
call would re-open /dev/urandom, resetting rfd
Signed-off-by: Leah Rowe <leah@libreboot.org>
They don't precisely *pertain* to nvmutil, but they are
useful helper functions for calling pledge/unveil in
OpenBSD. Ideally, the main file should only contain core
logic pertaining to the execution of *nvmutil*.
Put xpledge() and xunveil() in nvmutil.h.
Signed-off-by: Leah Rowe <leah@libreboot.org>