>>>>> "Samuel" == Samuel Thibault <sthiba...@debian.org> writes:
Samuel> And unfortunately, code that just uses PATH_MAX as
Samuel> allocation size most often do not really take care about
Samuel> this case, and then get possibly vulnerable.

Right, I'm just not sure the HURD approach is better.
The pam 1.5.3 hurd compatibility patch simply defines PATH_MAX to 4096. I believe that previous krb5 patches have done something similar. I think this approach is quite common to how people approach HURD compatibility.

If we were using HURD's lack of PATH_MAX as a way to audit code for these sorts of problems, it would make more sense to me. Right now, it mostly appears that Debian inherits all the broken code that does not deal with path overflow even on HURD plus gains additional complexity in porting to HURD.

And I do suspect there is a class of bugs that are introduced when PATH_MAX varies across a distribution.
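An added illustration, not part of the message above or of any patch it mentions: the two handling styles under discussion, shown as a PATH_MAX-sized buffer that rejects an over-long path and a variant that sizes its allocation from the inputs and needs no PATH_MAX at all. The function names `join_fixed` and `join_alloc` and the sample input are hypothetical, constructed for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The compatibility shim the message describes, for systems without PATH_MAX. */
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Fixed buffer, checked: snprintf returns the needed length, so overflow is rejected. */
int join_fixed(char out[PATH_MAX], const char *dir, const char *name)
{
    int n = snprintf(out, PATH_MAX, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= PATH_MAX) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* No PATH_MAX: size the allocation from the inputs. Caller frees. */
char *join_alloc(const char *dir, const char *name)
{
    size_t dlen = strlen(dir), nlen = strlen(name);
    if (dlen > SIZE_MAX - 2 || nlen > SIZE_MAX - 2 - dlen) {
        errno = ENAMETOOLONG;
        return NULL;
    }
    char *p = malloc(dlen + nlen + 2);   /* '/' and the terminating NUL */
    if (p == NULL) return NULL;
    memcpy(p, dir, dlen);
    p[dlen] = '/';
    memcpy(p + dlen + 1, name, nlen + 1);
    return p;
}

int main(void)
{
    char fixed[PATH_MAX], longname[PATH_MAX + 100]; /* constructed input */
    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("fixed: %d\n", join_fixed(fixed, "/tmp", longname));
    char *p = join_alloc("/tmp", longname);
    printf("alloc: %zu bytes\n", p ? strlen(p) : (size_t)0);
    free(p);
    return 0;
}
```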