Hi,

On 2025-01-20 21:21, Sam Hartman wrote:
> One of the issues is HOST_NAME_MAX in modules/pam_xauth/pam_xauth.c.
It doesn't make much sense to allow arbitrarily long host names. I'm more reserved for path names as there are (arguably pathological) use cases where any fixed limit could be reached.
I think that a satisfactory way to deal with some security issues (let's call them "name bombs") would be for HURD to implement limits that can be configured at run time, in the spirit of Linux sysctls for many limits. That won't help much with the other issues though.
In the case of PAM above, I believe that patching it in a way that sets an arbitrarily high limit when there is none and documenting this as a limitation could be appropriate.
Cheers,

--
Julien Plissonneau Duquène