From: Theo de Raadt Subject: Re: Miscellaneous LibreSSL portability fixes To: deraadt@openbsd.org, sortie@maxsi.org, tb@theobuehler.org Cc: tech@openbsd.org Date: Sun, 3 Nov 2024 05:01:46 -0700 >> Where does it say this? If true the number of portability issues this >> will create, adjacent to security, is assuredly non-zero. I don't believe >> this to be true nor practical. > >POSIX.1-2024 "All of the types shall be defined as >arithmetic types of an appropriate length [...] Additionally: nlink_t, >uid_t, gid_t, and id_t shall be integer types." > >We've basically always been allowed to pick our ABI here, it's the same >language allowing 64-bit time_t and off_t. > >I'm doing an experimental operating system to explore designs >and their consequences. I will bear the full burden of my choices, >review all the security implications, and I'm happy to carry the >patches I need. It's totally ok that you're saying no :) > >I would never suggest such changes for the wider OpenBSD, only the one >portable file I had issues with, and it turns out I didn't know about >the patches feature. > >(Btw the breakage for 64-bit uid_t and gid_t has been small. It's mostly >just printf issues which are caught with -Werror=format. I am unaware of >any security issues so far although yes I am concerned about silent >truncation.) I don't believe your interpretation here. The "appropriate length" is obviously not 64, because that blocks the creation of portable code. I didn't know your operating system was popular enough to have that many users. Ours is not.