The wisdom of MAX_PATH
"C:\The Linux vulnerability involves creating a very long path name.\ That's Very Long(tm) since the length needs to overflow a 32-bit integer.\ It reminds me that (once upon a time) there were limits on the permissible lengths of filenames and although those limits were set much longer than any reasonable human being would ever be bothered to type, they meant that all sorts of software could use a fixed size buffer and not worry about million-character path lengths.\ Sadly, the pursists insisted that there was simply no reason to limit pathnames and so all software must pass torture tests in this area.\ Back in the day, even UNIX systems had a limit (around 4096 characters, I believe, at least on some systems) but gradually the purists have ground everyone else down. Even MS have belatedly gone down this path.\ But really, just *what* is the fucking point of this post being a valid filename? (There, just to trigger another set of purists, I've included wild-card characters in a filename.)\
Actually, if I'm going to be *really* anal I should include a paragraph break, in the form of newline characters, but I'm getting a bit off topic. The real point is that although *you*, dear end-user, cannot see any reason to impose a size limit on names, comment fields or whatever, *implementors* have to go several extra miles to actually support this, especially in a performant manner, and one of the costs is bugs like this.\
Really obscure feature that no-one actually uses but which causes security holes. Sigh..."
Biting the hand that feeds IT
