> > > > > i doubt that anyone is ever going to make use of more than 125 imports.
> > > > > 
> > > > > the problem is that i cannot simply restict that to one folder. they
> > > > > could be anywhere (even though they are not usually)

...

> > > > What do they do then?
> > > 
> > > modify this patch so it finds the common folder where the typedef
> > > files are in and unveil to it instead. that's what i would do.

...

So if someone is creating malicious source code to try to subvert the
compiler, the "i doubt that anyone is ever going to make use of more
than 125 imports" can't be relied on, and code to find a common
parent directory would mean the protection is silently weakened or
completely lost.

I'd recommend sending a diff just adding pledge. That is relatively
non-controversial, shouldn't change behaviour of the compiler at all,
adds some useful protection, and if triggered, the process is killed,
making the problem obvious and easy to understand (whereas problems with
unveil usually result in "file not found" type errors which are not
really intuitive, you'll see quite a lot of confusion if you read posts
from people who run into problems in web browsers using unveil).