> > > > > i doubt that anyone is ever going to make use of more than 125
> > > > > imports.
> > > > >
> > > > > the problem is that i cannot simply restrict that to one folder. they
> > > > > could be anywhere (even though they are not usually)
...
> > > > What do they do then?
> > >
> > > modify this patch so it finds the common folder where the typedef
> > > files are in and unveil to it instead. that's what i would do.
...

So if someone is creating malicious source code to try to subvert the
compiler, the "i doubt that anyone is ever going to make use of more
than 125 imports" can't be relied on, and code to find a common parent
directory would mean the protection is silently weakened or completely
lost.

I'd recommend sending a diff just adding pledge. That is relatively
non-controversial, shouldn't change behaviour of the compiler at all,
adds some useful protection, and if triggered, the process is killed,
making the problem obvious and easy to understand (whereas problems
with unveil usually result in "file not found" type errors which are
not really intuitive, you'll see quite a lot of confusion if you read
posts from people who run into problems in web browsers using unveil).
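
The common-parent weakening described in the reply above, as an added example that is not part of the original thread or of the patch under discussion: it computes the directory a "find the common folder" approach would hand to unveil, and shows that one import outside the tree widens it to the whole filesystem. The import paths and the names `common_parent` and `scope_depth` are constructed for illustration, and paths are assumed to be absolute and shorter than the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample import paths (not from the original thread). */
static const char *const same_tree[] = {
    "/home/dev/proj/types/a.td",
    "/home/dev/proj/types/net/b.td",
};
static const char *const one_stray[] = {
    "/home/dev/proj/types/a.td",
    "/home/dev/proj/types/net/b.td",
    "/etc/x.td",                      /* a single import outside the tree */
};

/* Common parent directory of n absolute paths, compared component-wise
 * so that /a/types and /a/types2 share /a, not /a/types. */
static const char *common_parent(const char *const paths[], size_t n)
{
    static char out[1024];
    size_t len, i, j;

    snprintf(out, sizeof(out), "%s", paths[0]);
    len = (size_t)(strrchr(out, '/') - out);   /* directory of first path */
    for (i = 1; i < n; i++) {
        const char *p = paths[i];
        for (j = 0; j < len && p[j] == out[j]; j++)
            ;
        /* Not a whole-component match: back up to the previous '/'. */
        if (j < len || p[j] != '/')
            while (j > 0 && out[--j] != '/')
                ;
        len = j;
    }
    if (len == 0)
        return "/";
    out[len] = '\0';
    return out;
}

/* Number of components in the directory; 0 means the whole filesystem. */
static int scope_depth(const char *dir)
{
    int depth = 0;
    if (strcmp(dir, "/") == 0)
        return 0;
    for (; *dir != '\0'; dir++)
        depth += (*dir == '/');
    return depth;
}

int main(void)
{
    printf("same tree: %s\n", common_parent(same_tree, 2));
    printf("one stray: %s\n", common_parent(one_stray, 3));
    return 0;
}
```

A depth of 0 from `scope_depth` means the computed directory is `/`, so an unveil on it would restrict nothing.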