From: Vevy Kod Subject: Re: pledge/unveil for harec? To: ports@openbsd.org Date: Thu, 18 Jul 2024 19:51:11 +0200 How about adding an environment variable containing all directories where headers can be found ? If it is not provided, we can fall back to the per-file algorithm, possibly going above limit. If a user goes above that limit, they can provide their own list of directories. And in the worst case, they can simply set it to '/', giving themselves read access to everything. On 18/07/2024 17:43, Lorenz (xha) wrote: > the HARE_TD_ are the "typedef" files, basically the equivalent > to C headers, but automatically generated by the compiler so we can > do resolution of types/functions/etc. in dependencies without having > to look at the source files themselves. > > i doubt that anyone is ever going to make use of more than 125 imports. > > the problem is that i cannot simply restict that to one folder. they > could be anywhere (even though they are not usually). that'd complicate > the patch a lot for... allowing more than 125 imports? > > the error message will not be particularly hard to read; i guess if > someone really hits the limit, we can do something about it then? > > we don't want to do anything in upstream harec because we want to > keep it to the POSIX subset. > > On Thu, Jul 18, 2024 at 09:29:39AM -0600, Theo de Raadt wrote: >> Tobias Heider wrote: >> >>> I think unveil might still be useful. >> >> I don't think so. >> >>> As I understand Theo the problem is just that calling unveil per-input file to grant >>> read access won't work. Restricting write and create permissions to the single >>> well-known output directory still makes sense to me. >>> >>>> >>>> The set of library functions used is pretty small, so it should be easy >>>> enough to reason about adding pledge. >>>> >>>> $ nm -s /usr/local/bin/harec | awk '/^ *U / { print $2 }' | column >>>> __assert2 atexit fseek memset strerror >>>> __errno bsearch fstat open_memstream strlen >>>> __isinf calloc getenv optarg strncmp >>>> __isinff exit getline optind strtod >>>> __isinfl fclose getopt perror strtoul >>>> __isnan feof isalnum qsort strtoumax >>>> __isnanf fgetc isalpha realloc vfprintf >>>> __isnanl fileno isatty snprintf vsnprintf >>>> __isthreaded fmemopen isdigit stat >>>> __sF fopen isprint strchr >>>> _csu_finish fread memcmp strcmp >>>> abort free memcpy strdup >>>> >> >> So the undocumented, un-exported, unveil limit today is 128. This comes >> with a cost, so we will not be increasing it. >> >> Enough setenv, enough arguments, and it fails. Now how does someone "workaround" >> it in their build tooling? >> >> THAT "workaround" is what makes the solution. >> >> This is not what unveil is intended to support. >