On Fri, May 29, 2020 at 11:41:43AM -0400, Christopher Turkel wrote:
> On Friday, May 29, 2020, Stuart Henderson <s...@spacehopper.org> wrote:
> 
> > On 2020/05/29 08:30, Luke Small wrote:
> > > You mention a lot of files that need to be read, but a program like
> > > pkg_add can make it the _pkgfetch (57) user which has no directory and
> > > I’m guessing not in interactive mode. At the very least, in
> > > noninteractive mode you could unveil("/", "rx"); and change the
> > > specified output file discover the name of the file that is to be
> > > downloaded and unveil it as "cw" !
> > > --
> > > -Luke
> >
> > What problem are you trying to solve?
> >
> > If you are concerned about writes, use "ftp -o - $URL > somefile", it will
> > run without cpath/wpath, which is functionally similar to unveil("/", "rx")
> > (a bit stronger, because a program trying to write will be killed, rather
> > than just having a file access error).
> >
> > pkg_add(1) already uses "ftp -o -":
> >
> > # ktrace -di pkg_add -u moo
> > quirks-3.339 signed on 2020-05-27T20:05:28Z
> >
> > # kdump | grep promise=
> >  61644 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >  41938 signify  STRU  promise="stdio rpath wpath cpath tty"
> >  41938 signify  STRU  promise="stdio rpath"
> >  24897 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >  54324 signify  STRU  promise="stdio rpath wpath cpath tty"
> >  54324 signify  STRU  promise="stdio rpath"
> >   9188 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> 
> 
> 
> If you need a diff written, I'm sure a developer would be willing in return
> for a donation.

No. That's not how any of this works.
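
An added example, not part of the original thread: a small Python parser for the `kdump | grep promise=` output quoted above that reports, per process, whether any traced pledge(2) call included `wpath` or `cpath`. The function names and status labels are this example's own; the sample input is the set of lines from the quoted message.

```python
import re

# Pledge promises that permit writing to or creating files by path.
WRITE_PROMISES = {"wpath", "cpath"}

# kdump line for a pledge(2) call: <pid> <command> STRU promise="..."
PLEDGE_RE = re.compile(r'^\s*(\d+)\s+(\S+)\s+STRU\s+promise="([^"]*)"')

# Sample input: the kdump lines quoted in the thread above.
SAMPLE = """\
 61644 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
 41938 signify  STRU  promise="stdio rpath wpath cpath tty"
 41938 signify  STRU  promise="stdio rpath"
 24897 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
 54324 signify  STRU  promise="stdio rpath wpath cpath tty"
 54324 signify  STRU  promise="stdio rpath"
  9188 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
"""

def pledge_calls(kdump_text):
    """Map (pid, command) to its promise sets, in call order."""
    calls = {}
    for line in kdump_text.splitlines():
        m = PLEDGE_RE.match(line)
        if m:
            key = (int(m.group(1)), m.group(2))
            calls.setdefault(key, []).append(set(m.group(3).split()))
    return calls

def write_status(kdump_text):
    """Classify each traced process: 'never' pledged a write promise,
    'dropped' it in a later pledge call, or still 'holds' it."""
    status = {}
    for key, sets in pledge_calls(kdump_text).items():
        if not any(s & WRITE_PROMISES for s in sets):
            status[key] = "never"
        elif sets[-1] & WRITE_PROMISES:
            status[key] = "holds"
        else:
            status[key] = "dropped"
    return status

if __name__ == "__main__":
    for (pid, cmd), state in sorted(write_status(SAMPLE).items()):
        print(f"{pid:6d} {cmd:8s} {state}")
```

Only processes that call pledge(2) appear in this output, so a process missing from the report is unrestricted rather than safe.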
