From: "Lorenz (xha)" <me@xha.li>
Subject: Re: pledge/unveil for harec?
To: Theo de Raadt <deraadt@openbsd.org>
Cc: Tobias Heider <tobias.heider@stusta.de>, ports@openbsd.org
Date: Thu, 18 Jul 2024 17:50:08 +0200

On Thu, Jul 18, 2024 at 09:45:34AM -0600, Theo de Raadt wrote:
> Lorenz (xha) <me@xha.li> wrote:
> 
> > the HARE_TD_<files> are the "typedef" files, basically the equivalent
> > to C headers, but automatically generated by the compiler so we can
> > do resolution of types/functions/etc. in dependencies without having
> > to look at the source files themselves.
> > 
> > i doubt that anyone is ever going to make use of more than 125 imports.
> > 
> > the problem is that i cannot simply restict that to one folder. they
> > could be anywhere (even though they are not usually). that'd complicate
> > the patch a lot for... allowing more than 125 imports?
> > 
> > the error message will not be particularly hard to read; i guess if
> > someone really hits the limit, we can do something about it then?
> 
> So tell us --- when someone hits that limit, what do they need to
> do about it?
> 
> What do they do then?

modify this patch so it finds the common folder where the typedef
files are in and unveil to it instead. that's what i would do.

but just to demonstrate how unlikely 125 imports are:

use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;
use fmt;

i really hope that noone does this. and if so, they'll have other problems
i guess