On Fri, May 29, 2020 at 11:41:43AM -0400, Christopher Turkel wrote:
> On Friday, May 29, 2020, Stuart Henderson <s...@spacehopper.org> wrote:
>
> > On 2020/05/29 08:30, Luke Small wrote:
> > > You mention a lot of files that need to be read, but a program like
> > > pkg_add can make it the _pkgfetch (57) user which has no directory
> > > and I’m guessing not in interactive mode. At the very least, in
> > > noninteractive mode you could unveil("/", "rx"); and change the
> > > specified output file discover the name of the file that is to be
> > > downloaded and unveil it as "cw" !
> > > --
> > > -Luke
> >
> > What problem are you trying to solve?
> >
> > If you are concerned about writes, use "ftp -o - $URL > somefile", it will
> > run without cpath/wpath, which is functionally similar to unveil("/", "rx")
> > (a bit stronger, because a program trying to write will be killed, rather
> > than just having a file access error).
> >
> > pkg_add(1) already uses "ftp -o -":
> >
> > # ktrace -di pkg_add -u moo
> > quirks-3.339 signed on 2020-05-27T20:05:28Z
> >
> > # kdump | grep promise=
> >  61644 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >  41938 signify  STRU  promise="stdio rpath wpath cpath tty"
> >  41938 signify  STRU  promise="stdio rpath"
> >  24897 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >  54324 signify  STRU  promise="stdio rpath wpath cpath tty"
> >  54324 signify  STRU  promise="stdio rpath"
> >   9188 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >
>
> If you need a diff written, I'm sure a developer would be willing in return
> for a donation.

No. That's not how any of this works.
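
An added example, not part of any message in this thread: a small Python audit of the `kdump | grep promise=` output quoted above, showing which processes end up holding `wpath`/`cpath` and which drop them in a later pledge(2) call. The function names are hypothetical, and it assumes every `promise=` record corresponds to a pledge call that succeeded, so the last record per process is its effective promise set.

```python
import re

# Promises named in the thread as the ones "ftp -o -" runs without.
WRITE_PROMISES = {"wpath", "cpath"}

# Matches kdump lines such as:  61644 ftp STRU promise="stdio rpath"
LINE_RE = re.compile(r'^\s*(\d+)\s+(\S+)\s+STRU\s+promise="([^"]*)"')

# kdump output quoted in the thread (whitespace normalised).
SAMPLE = """\
61644 ftp STRU promise="stdio rpath dns tty inet proc exec fattr"
41938 signify STRU promise="stdio rpath wpath cpath tty"
41938 signify STRU promise="stdio rpath"
24897 ftp STRU promise="stdio rpath dns tty inet proc exec fattr"
54324 signify STRU promise="stdio rpath wpath cpath tty"
54324 signify STRU promise="stdio rpath"
9188 ftp STRU promise="stdio rpath dns tty inet proc exec fattr"
"""


def pledge_history(kdump_text):
    """Return {(pid, command): [promise set, ...]} in call order."""
    history = {}
    for line in kdump_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a pledge promise record
        pid, comm, promises = int(m.group(1)), m.group(2), m.group(3)
        history.setdefault((pid, comm), []).append(frozenset(promises.split()))
    return history


def audit(kdump_text):
    """Split processes into those whose last pledge still includes a write
    promise and those that held one earlier but dropped it later."""
    still_writable, dropped = [], []
    for key, calls in pledge_history(kdump_text).items():
        if calls[-1] & WRITE_PROMISES:
            still_writable.append(key)
        elif any(c & WRITE_PROMISES for c in calls):
            dropped.append(key)
    return still_writable, dropped


if __name__ == "__main__":
    still_writable, dropped = audit(SAMPLE)
    print("end with wpath/cpath:", still_writable)
    print("dropped wpath/cpath:", dropped)
```

On the quoted trace no process ends with `wpath` or `cpath`: the three ftp processes never request them, and both signify processes narrow to "stdio rpath".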