Hello,
It should not have, indeed.
Actually, no.

Please see

https://darnassus.sceen.net/~hurd-web/faq/foo_max/

Also more details in https://eklitzke.org/path-max-is-tricky

Quoting a bit:

$ printf '#include <limits.h>\nPATH_MAX' | cpp -P
$ d=0123456789; for i in `seq 1 1000`; do mkdir $d; cd $d 2>/dev/null; done
$ pwd | wc -c

Limiting PATH_MAX to 4096 is just a way to not actually try to think
about the problem, and hide the corresponding bugs.
For quite a lot of cases it's a matter of using realpath(path, NULL),
getcwd(NULL, 0), or asprintf().
Yes, but depending on the application the limit can vary. Using 4096 as
limit can be a bad idea if you might have millions of files. If you have
only a few of them you could accept much longer.
In the case of HOST_NAME_MAX, we could indeed define it, because its
only meaning is the limitation of gethostname(), which is set by the
admin and we can limit that there too, it's not coming from whatever
else.
Concerning PATH_MAX, for safety of the software, yes.

Samuel

Hi!
While I agree on some of your premises below, I do not agree with the
conclusions, my conclusion has actually been for a long time, the
opposite.

Disclosure: I used to be part of the Debian Hurd porters team,
maintained mig and gnumach for a while, and even packaged L4 Pistachio
(an alternative microkernel) for a while, when there was discussions
about switching away from GNU Mach. I still try to follow what's going
in the port, and sporadically review or port stuff. I still consider
myself a porter (in general) at heart.
I have not checked this specific case, but I think in general there
have been several reasons for the different kinds of patches being sent.
From the general experience of the porter, their knowledge of the
code being ported, the apparent urgency of getting something fixed,
whether stopping to use arbitrary limits would break exposed ABI,
the receptiveness of the receiving maintainers and their desire for
more correct/robust but potentially more intrusive patches, or their
desire for more minimal patches to simply fix FTBFS problems, etc.

Without more details, the patch you describe I'd consider it a
workaround, which I'd have asked to be reworked if I had reviewed
it, or would have provided an alternative myself. And I think these
kind of patches are frowned upon by the Hurd porters in general.
(Sadly, many of the things that got into Linux, feel like they got
bolted on, in many cases in unnatural or complex ways, with harder
to grasp semantics and increased security exposure.)
I disagree for both statements.

The way I've always interpreted the arbitrary limit stance, has been
that the code should be robust and be prepared to handle data of any
length, while dynamically handling truncation, and underlying limits
(say from specific filesystem implementations or protocols, allocation
failures, etc, because we live surrounded by a limited world anyway).
And not cooking such hardcoded limits means that the code is ready for
any such underlying limits to be bumped freely, or changing beneath us
due to underlying implementation changes. AFAIR this is currently a
problem on GNU/Linux for example, because even if we wanted to increase
the pathname or other such arbitrary limits, these are part of the ABI
now. :/

And while I agree that specifically on security sensitive contexts,
unfortunately it might be needed to add arbitrary limits for security
reasons as you mentioned, this to me still does not translate to the
examples given with pathnames and hostnames, and other similar system
resources. And a limit that might seem reasonable today, will most
probably be a hindrance years ahead or with bigger equipment, and
might easily hamper functionality. So I'd still be very ware of such
limits.
I agree with this concern, but I see it in reverse actually. Because
on GNU/Linux there's this hardcoding, there is less care for truncation
as you mention, which can still happen, because you might not control
what another program or a user on the same system or even from another
system with a different limit is passing to you. Even on GNU/Linux it's
still possible to have different limits and restriction depending on
what you are working on, say odd filesystems, network filesystems, etc.

Check for example:

https://en.wikipedia.org/wiki/Comparison_of_file_systems#Limits

Where for both NAME_MAX and PATH_MAX, there are cases of downwards and
upward limits (or no limits at all). Even nesting multiple mount
points can get you off limits easily.
As mentioned above, there will always be some limit somewhere, if not
only just due to available memory. But even focusing on current
protocol limits seems problematic, because that also ossifies what can
be done in the future.
Over the years I've found that the changes to remove these limits,
makes (in general) the code more robust, future proof, can even
simplify it, and in some cases makes one use better APIs to accomplish
the job.
For this case, notice how the concern that you mentioned above is
quite present here with GNU/Linux exposing _POSIX_HOST_NAME_MAX,
HOST_NAME_MAX and MAXHOSTNAMELEN with diverging values. If the code is
changed to remove arbitrary limits, then these divergences suddenly
disappear.
Yes, I think it's the better option, for robustness, for
future-proofness, for functionality, for security.

While it might seem annoying, because using a hardcoded limit seems
easier, this also looks like a trap, where one ends up ignoring cases
that are silently there but might not be obvious and will still
affect the code, and ossify the whole system impeding future
improvements (although for existing GNU/Linux ports, that's probably
too late anyway).
hurd-i386 is probably on the way out, but that will eventually be
replaced by hurd-amd64 which seems to be coming along nicely.
I think that would be a mistake that would tie the port into a
position similar to GNU/Linux where backing out of it is hard to
impossible, and where that port then needs to live with the
consequences indefinitely.
This has already been possible for a long time. We introduced long
long ago the "unreleased" suite to soft-fork required packages which
were urgent to fix to unblock the buildds, or for which there were
only workaround patches, or the maintainer didn't want to accept a
patch, or similar reasons. This is cumbersome though, as it needs for
these to be kept in sync.
It's my long standing stance that this is always detrimental to the
project; a failure of the community at large, that it ruptures the
social fabric of the project, and given its power and structure
is unjust in nature. If this would ever be needed, I think going
upstream directly or just using the "unreleased" suite is always
going to be socially better and more productive anyway.

Thanks,
Guillem

The GNU Coding standards say: Avoid arbitrary limits
(<https://www.gnu.org/prep/standards/html_node/Semantics.html>. That
was one of the great inspirations for me for wanting to learn much more
about GNU.

Similarly, GNU LilyPond was designed--other than all other music
softwares in the day--to not have arbitrary limits.

If you are running a distribution such as GNU Guix or NixOS, you may
even have run into file name limits.

It often surprises (saddens?) me how few people in the free software
community actually read (or remembered) the GNU standards.

Greetings,
Janneke

It already does so. It just doesn't expose them in the API, so they can
be raised if need be.

Samuel

Hi,
It doesn't make much sense to allow arbitrarily long host names. I'm
more reserved for path names as there are (arguably pathological) use
cases where any fixed limit could be reached.

I think that a satisfactory way to deal with some security issues (let's
call them "name bombs") would be for HURD to implement limits that can
be configured at run time, in the spirit of linux sysctls for many
limits. That won't help much with the other issues though.

In the case of pam above, I believe that patching it in a way that sets
an arbitrary high limit when there is none and documenting this as a
limitation could be appropriate.

Cheers,