On Sun, 1 Feb 2026 at 17:57, Andries E. Brouwer <[email protected]> wrote: > > On Sun, Feb 01, 2026 at 02:08:29PM +0530, Amit via austin-group-l at The Open > Group wrote: > > > Minorities can get around my limitation of limiting all inputs to a maximum > > of 75% of the RAM size in 2 ways: > > > > 1. Increase the RAM size. > > 2. Modify the source code and remove the checks. > > > > If we satisfy the minority, then this will mean that we are putting > > the majority of the users at the risk of getting hacked > > I have no idea why some fixed percentage of RAM size > has anything to do with security. On the one hand, one needs > to sort larger arrays (I just checked, and a few years ago > needed to sort 165091172592 structs, far exceeding RAM size), > on the other hand such a restriction does not make anything safer. > > Indeed, in the great majority of cases software is not proved correct > but tested until it functions well in the usual cases. If the path > through the code is different in exceptional cases, then such > code paths are never tested and probably full of problems. > > So, while you seem to think that you are increasing security > by imposing limits, I think you are destroying security. >
Since the Open group is not open for a new security oriented POSIX standard, so then there is no point in me continuing this discussion. So, I am stopping this discussion here. Amit
