Re: I unveil()ed ftp(1)!

[Theo de Raadt]

No.

I'm guessing you don't understand symbolic links.

Look, this is a waste of time.


Luke Small <lukensm...@gmail.com> wrote:

> --00000000000080daf105a7444c30
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: 8bit
> 
> In the case of 10000 URLs couldn’t you at least merely unveil “./“ as 
> “cw”;
> make any specified cafile/capath including shortcut resolution as “r”
> (perhaps with the shell “x”) so that at worst, current directory files
> could be overwritten, but not read?
> 
> On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt <dera...@openbsd.org> wrote:
> 
> > You really don't get it.
> >
> > +                       unveil_list = calloc(2 * argc, sizeof(char*));
> >
> > Imagine argc is 10000.
> >
> > +                       for (i = 2 * argc - 2; i >= 0; i -= 2) {
> > +                               if (unveil_list[i]) {
> > +                                       if (unveil(unveil_list[i], "r") ==
> > -1)
> > ...
> > +                               if (unveil_list[i | 1]) {
> > +                                       if (unveil(unveil_list[i | 1],
> > "cw") == -1)
> > +                                               err(1, "unveil");
> > ...
> >
> >
> >      E2BIG              The addition of path would exceed the per-process
> >                         limit for unveiled paths.
> >
> >
> > Great, under fairly normal usage ftp aborts with an error.
> >
> > Since you start with up to 8 others, it looks like this limit is easily
> > hit at around 120 filenames.
> >
> > So ftp simply fails to perform the task it is designed for.
> >
> > Your proposal is to break the command.
> >
> > --
> -Luke
> 
> --00000000000080daf105a7444c30
> Content-Type: text/html; charset="UTF-8"
> Content-Transfer-Encoding: 8bit
> 
> <div><div dir="auto">In the case of 10000 URLs couldn’t you at least merely 
> unveil “./“ as “cw”; make any specified cafile/capath including 
> shortcut resolution as “r” (perhaps with the shell “x”) so that at 
> worst, current directory files could be overwritten, but not 
> read?</div></div><div><br><div class="gmail_quote"><div dir="ltr" 
> class="gmail_attr">On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt &lt;<a 
> href="mailto:dera...@openbsd.org";>dera...@openbsd.org</a>&gt; 
> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 
> 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">You
>  really don&#39;t get it.<br>
> <br>
> +                       unveil_list = calloc(2 * argc, 
> sizeof(char*));<br>
> <br>
> Imagine argc is 10000.<br>
> <br>
> +                       for (i = 2 * argc - 2; i &gt;= 0; i -= 2) 
> {<br>
> +                               if (unveil_list[i]) {<br>
> +                                       if 
> (unveil(unveil_list[i], &quot;r&quot;) == -1)<br>
> ...<br>
> +                               if (unveil_list[i | 1]) {<br>
> +                                       if 
> (unveil(unveil_list[i | 1], &quot;cw&quot;) == -1)<br>
> +                                               
> err(1, &quot;unveil&quot;);<br>
> ...<br>
> <br>
> <br>
>      E2BIG              The addition of path would exceed the 
> per-process<br>
>                         limit for unveiled paths.<br>
> <br>
> <br>
> Great, under fairly normal usage ftp aborts with an error.  <br>
> <br>
> Since you start with up to 8 others, it looks like this limit is easily<br>
> hit at around 120 filenames.<br>
> <br>
> So ftp simply fails to perform the task it is designed for.<br>
> <br>
> Your proposal is to break the command.<br>
> <br>
> </blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" 
> data-smartmail="gmail_signature">-Luke</div>
> 
> --00000000000080daf105a7444c30--