I’ll be the first to admit that I don’t completely understand the power that is the ftp client. but what I do understand of it, from the perspective of noninteractive commandline execution, it seems to fit the bill. For file and http(s) transfers. I didn’t see any buffer overflows and I’m sure that my solution would’ve thrown some segfaults if it had overrun a buffer in my testing. All the comments like how I needed to resolve soft links of cafile have been dealt with, but I’m not shy about putting in single letter variables to perform nested looping. But it seems that the task that said couldn’t be done, was done. It adds complexity that I’m sure you aren’t comfortable with; especially since your name is on the file as the last author, but you can’t say I’m not that demandy lazy ass that didn’t do anything about it now.
On Wed, Jun 3, 2020 at 9:50 AM Theo de Raadt <dera...@openbsd.org> wrote: > I mean it is amusing, because this is never going to fly. > > This increase in complexity is completely unacceptable, what I see is > completely amateurish, and I also see overflows, a lack of testing > for edge conditions, and a lack of attention to how unveil works. > > > Luke Small <lukensm...@gmail.com> wrote: > > > You're welcome! I figured you might not want a “massive” diff to cap off > your day to > > make a program that you apparently feel is secure enough, but I made > good that I got > > off my ass and did something anyway. I’m surprised that you even went to > the trouble of > > pledging it myself. It only took 2 or 3 days to figure out what it was > doing and change > > it. I left in the fprintf()s to so that I could amuse you. > > > > I’m kinda surprised that you didn’t go straight for the “submit a diff. > Anything you > > submit will just be rejected anyway!” > > > > On Wed, Jun 3, 2020 at 9:39 AM Theo de Raadt <dera...@openbsd.org> > wrote: > > > > Thank you for the laugh. > > > > Luke Small <lukensm...@gmail.com> wrote: > > > > > I think I'm done tinkering. try these out in ftp folder. I left in > some > > > fprintf(ttyout,...) in main.c > > > to show what is being unveiled. It resolves shortcuts in SSL_CAFILE > > > and SSL_PATH variables. > > > It leaves in place the functionality of the original functions, but > adds > > > the availability to perform > > > a dry run pass to load an unveil list of potential files from which > to read > > > and create/write. > > > The only potential bug is perhaps if in the followup unveiled pass if > it > > > has a problem with dns resolution or > > > something, it may be unveiled and drop into a command line. I'm not > sure. > > > > > > The diff is of the three files below vs the originals since I last > updated > > > the source files. > > > > > > -Luke > > > -- > > > -Luke > > > > -- > > -Luke > > > -- -Luke
