Bugtraq mailing list archives
Re: StackGuard with ... Re: [Paper] Format bugs.
From: Robert Bihlmeyer <robbe () ORCUS PRIV AT>
Date: Tue, 25 Jul 2000 20:06:36 +0200
Morten Welinder <terra () DIKU DK> writes:
> s = g_strdup_printf (
>         _("Workbook %s has unsaved changes, save them?"),
>         g_basename (wb->filename));
>
> (Which reminds me: I sure hope that the language files cannot be
> controlled by a malicious user. That would allow putting extra
> %-escapes into just about any format string. Ugh.)
The GNU libc here (2.1.3) ignores LC_MESSAGES and friends containing slashes if uid!=euid || gid!=egid. You should not allow unfiltered remote access to LANG, LC_MESSAGES, or LC_ALL (e.g. through a CGI).

--
Robbe
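One way to filter the three variables named in the message above before a CGI wrapper calls setlocale() or starts a child process, as an added example that is not part of the original post. The function names, the character allow-list and the 64-byte length limit are assumptions chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The three variables named in the post. */
static const char *const locale_vars[] = { "LANG", "LC_MESSAGES", "LC_ALL" };

/* Assumed allow-list: plain locale names such as "de_AT.UTF-8" or
 * "sr_RS@latin". Slashes, "..", '%' and over-long values are rejected,
 * so the value can never name a catalog path chosen by the client. */
int locale_value_is_safe(const char *v)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.@-";
    size_t n;

    if (v == NULL)
        return 0;
    n = strlen(v);
    if (n == 0 || n > 64 || strstr(v, "..") != NULL)
        return 0;
    return strspn(v, allowed) == n;
}

/* Unset every listed variable whose value fails the check.
 * Returns the number of variables removed. */
int scrub_locale_env(void)
{
    int removed = 0;
    size_t i;

    for (i = 0; i < sizeof locale_vars / sizeof locale_vars[0]; i++) {
        const char *v = getenv(locale_vars[i]);
        if (v != NULL && !locale_value_is_safe(v)) {
            unsetenv(locale_vars[i]);
            removed++;
        }
    }
    return removed;
}

int main(void)
{
    int n = scrub_locale_env();   /* filter before any setlocale() call */
    setlocale(LC_ALL, "");
    printf("dropped %d unsafe locale variable(s)\n", n);
    return 0;
}
```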