No. I'm guessing you don't understand symbolic links.
Look, this is a waste of time. Luke Small <lukensm...@gmail.com> wrote: > --00000000000080daf105a7444c30 > Content-Type: text/plain; charset="UTF-8" > Content-Transfer-Encoding: 8bit > > In the case of 10000 URLs couldnât you at least merely unveil â./â as > âcwâ; > make any specified cafile/capath including shortcut resolution as ârâ > (perhaps with the shell âxâ) so that at worst, current directory files > could be overwritten, but not read? > > On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt <dera...@openbsd.org> wrote: > > > You really don't get it. > > > > + unveil_list = calloc(2 * argc, sizeof(char*)); > > > > Imagine argc is 10000. > > > > + for (i = 2 * argc - 2; i >= 0; i -= 2) { > > + if (unveil_list[i]) { > > + if (unveil(unveil_list[i], "r") == > > -1) > > ... > > + if (unveil_list[i | 1]) { > > + if (unveil(unveil_list[i | 1], > > "cw") == -1) > > + err(1, "unveil"); > > ... > > > > > > E2BIG The addition of path would exceed the per-process > > limit for unveiled paths. > > > > > > Great, under fairly normal usage ftp aborts with an error. > > > > Since you start with up to 8 others, it looks like this limit is easily > > hit at around 120 filenames. > > > > So ftp simply fails to perform the task it is designed for. > > > > Your proposal is to break the command. > > > > -- > -Luke > > --00000000000080daf105a7444c30 > Content-Type: text/html; charset="UTF-8" > Content-Transfer-Encoding: 8bit > > <div><div dir="auto">In the case of 10000 URLs couldnât you at least merely > unveil â./â as âcwâ; make any specified cafile/capath including > shortcut resolution as ârâ (perhaps with the shell âxâ) so that at > worst, current directory files could be overwritten, but not > read?</div></div><div><br><div class="gmail_quote"><div dir="ltr" > class="gmail_attr">On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt <<a > href="mailto:dera...@openbsd.org">dera...@openbsd.org</a>> > wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px > 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">You > really don't get it.<br> > <br> > +            unveil_list = calloc(2 * argc, > sizeof(char*));<br> > <br> > Imagine argc is 10000.<br> > <br> > +            for (i = 2 * argc - 2; i >= 0; i -= 2) > {<br> > +                if (unveil_list[i]) {<br> > +                    if > (unveil(unveil_list[i], "r") == -1)<br> > ...<br> > +                if (unveil_list[i | 1]) {<br> > +                    if > (unveil(unveil_list[i | 1], "cw") == -1)<br> > +                        > err(1, "unveil");<br> > ...<br> > <br> > <br> >    E2BIG       The addition of path would exceed the > per-process<br> >             limit for unveiled paths.<br> > <br> > <br> > Great, under fairly normal usage ftp aborts with an error. <br> > <br> > Since you start with up to 8 others, it looks like this limit is easily<br> > hit at around 120 filenames.<br> > <br> > So ftp simply fails to perform the task it is designed for.<br> > <br> > Your proposal is to break the command.<br> > <br> > </blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" > data-smartmail="gmail_signature">-Luke</div> > > --00000000000080daf105a7444c30--