Stuart Henderson <s...@spacehopper.org> wrote:

> On 2020-05-29, Christopher Turkel <turkel.christop...@gmail.com> wrote:
> > On Friday, May 29, 2020, Stuart Henderson <s...@spacehopper.org> wrote:
> >
> >> On 2020/05/29 08:30, Luke Small wrote:
> >> > You mention a lot of files that need to be read, but a program like pkg_add can make it the
> >> > _pkgfetch (57) user which has no directory and I'm guessing not in interactive mode. At the
> >> > very least, in noninteractive mode you could unveil("/", "rx"); and change the specified output
> >> > file discover the name of the file that is to be downloaded and unveil it as "cw" !
> >> > --
> >> > -Luke
> >>
> >> What problem are you trying to solve?
> >>
> >> If you are concerned about writes, use "ftp -o - $URL > somefile", it will
> >> run without cpath/wpath, which is functionally similar to unveil("/", "rx")
> >> (a bit stronger, because a program trying to write will be killed, rather
> >> than just having a file access error).
> >>
> >> pkg_add(1) already uses "ftp -o -":
> >>
> >> # ktrace -di pkg_add -u moo
> >> quirks-3.339 signed on 2020-05-27T20:05:28Z
> >>
> >> # kdump | grep promise=
> >>  61644 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >>  41938 signify  STRU  promise="stdio rpath wpath cpath tty"
> >>  41938 signify  STRU  promise="stdio rpath"
> >>  24897 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >>  54324 signify  STRU  promise="stdio rpath wpath cpath tty"
> >>  54324 signify  STRU  promise="stdio rpath"
> >>   9188 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
> >
> >
> >
> > If you need a diff written, I’m sure a developer would be willing in return
> > for a donation.
> >
> 
> Huh? I am a developer and have put many thousands of hours of work into
> this OS. No I don't need a diff for this written, I was trying to get Luke
> to describe what he was actually trying to do and showed how to see what
> pledges are actually being used because his most recent suggestion was to
> do something which is pretty much what is already done.

He wanted more unveil.

Some programs are complicated.  Unveil or pledge can be added to them
in a minimal, or sufficient way.

For some programs, adding even more unveil or pledge becomes very
difficult.  This is one of those programs.

Which programs appear to have less unveil or pledge?  The ones where
we *judged* it as diminishing return, where the work to invest, the
comprehensive testing, etc was too much.

And what happens?  On our lists, we get told to do more.  We get told
how the work should be done.  Within any demonstration.  Without an
actual finger lifted.

And yeah, that really pisses us off.

If you have such a great idea and see something we've missed, THEN LUKE
GET OFF YOUR ASS AND DO IT, or if the problem is you won't invest the
time, then don't write emails effectively demanding that we should
invest the time.

You've done it before.  Really, it makes you look really small brained.
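
An added example, not part of the thread or of OpenBSD's code: a Python sketch that parses the `kdump | grep promise=` lines quoted above and reports, for each process, the final pledge(2) promise set, which promises were dropped along the way, and whether wpath or cpath is still held. The regular expression assumes the line layout shown in the thread, and the function names are hypothetical.

```python
import re

# Sample input: the kdump lines quoted in the thread, embedded so this runs offline.
SAMPLE = '''\
 61644 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
 41938 signify  STRU  promise="stdio rpath wpath cpath tty"
 41938 signify  STRU  promise="stdio rpath"
 24897 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
 54324 signify  STRU  promise="stdio rpath wpath cpath tty"
 54324 signify  STRU  promise="stdio rpath"
  9188 ftp      STRU  promise="stdio rpath dns tty inet proc exec fattr"
'''

# Assumed layout: "<pid> <command> STRU promise="<space separated promises>""
LINE = re.compile(r'^\s*(\d+)\s+(\S+)\s+STRU\s+promise="([^"]*)"')

# The two promises the thread discusses: writing to and creating files by path.
WRITE_PROMISES = frozenset({"wpath", "cpath"})


def pledge_history(kdump_text):
    """Map (pid, command) to the promise sets it pledged, in call order."""
    history = {}
    for line in kdump_text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # not a pledge promise record
        key = (int(m.group(1)), m.group(2))
        history.setdefault(key, []).append(frozenset(m.group(3).split()))
    return history


def audit(kdump_text):
    """Summarise each process: final promises, what was dropped, write access left."""
    report = {}
    for key, sets in pledge_history(kdump_text).items():
        final = sets[-1]
        report[key] = {
            "final": final,
            "dropped": sets[0] - final,
            "can_write": bool(final & WRITE_PROMISES),
        }
    return report


if __name__ == "__main__":
    for (pid, comm), info in audit(SAMPLE).items():
        state = "holds wpath/cpath" if info["can_write"] else "no wpath/cpath"
        print(pid, comm, state, "dropped:", " ".join(sorted(info["dropped"])) or "-")
```
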
