Bugtraq mailing list archives
i18n issues with format bugs
From: John Levon <moz () COMPSOC MAN AC UK>
Date: Wed, 26 Jul 2000 16:12:39 +0100
After discussion with David Wheeler (and I noticed some on BUGTRAQ had also mentioned this) it seems that there is the possibility of format problems for programs naively trusting localised strings.

1) The GNU gettext source doesn't seem to be a problem, with the exception of cat-compat.c, where bindtextdomain() checks the environment variable $NLSPATH. The question is whether any software out there actually uses this code any more.

2) catgets() as specified in SuS can be used to retrieve arbitrary strings via $NLSPATH. The SuS specification is here: http://www.opengroup.org/onlinepubs/007908799/xsh/catopen.html

As it happens, the GNU libc ignores this environment variable in the suid/sgid case. I don't know whether this also applies to other vendors' implementations?

I don't actually have a specific piece of code that's under risk, but it seems that in general catgets() and friends cannot be trusted. Of course, all the code out there doesn't trust outside functions anyway, right?

john
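One defensive check for the problem raised in the message above, as an added example that is not part of the original post: before a string returned by catgets() is used as a printf() format, compare its conversion directives with those of the compiled-in default and fall back to the default on any mismatch. The names fmt_signature and checked_fmt, the catalog name "demo" and the sample messages are assumptions made for this illustration.

```c
#include <nl_types.h>
#include <stdio.h>
#include <string.h>

/* Write the argument signature of a printf format into sig, e.g. "s,d,".
 * Returns -1 for anything not vouched for here: %n, '*' widths,
 * positional "%1$s" forms, unknown or truncated directives. */
static int fmt_signature(const char *fmt, char *sig, size_t cap)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                /* literal percent sign */
        p += strspn(p, "-+ #0");                  /* flags */
        p += strspn(p, "0123456789");             /* field width */
        if (*p == '.') p += 1 + strspn(p + 1, "0123456789");
        size_t len = strspn(p, "hlLjzt");         /* length modifiers */
        char conv = p[len];
        if (conv == '\0' || !strchr("diouxXeEfgGcsp", conv)) return -1;
        if (n + len + 3 > cap) return -1;         /* signature too long */
        memcpy(sig + n, p, len + 1);              /* modifiers + conversion */
        n += len + 1;
        sig[n++] = ',';
        p += len;                                 /* loop's p++ skips conv */
    }
    sig[n] = '\0';
    return 0;
}

/* Use the catalog string only if it consumes exactly the same arguments,
 * in the same order, as the compiled-in default; otherwise fall back. */
const char *checked_fmt(const char *translated, const char *dflt)
{
    char want[64], got[64];
    if (fmt_signature(dflt, want, sizeof want) != 0) return dflt;
    if (fmt_signature(translated, got, sizeof got) != 0) return dflt;
    return strcmp(want, got) == 0 ? translated : dflt;
}

int main(void)
{
    const char *dflt = "cannot open %s: error %d\n";
    nl_catd cat = catopen("demo", 0);   /* "demo": hypothetical catalog name */
    const char *msg = cat == (nl_catd)-1 ? dflt : catgets(cat, 1, 1, dflt);
    printf(checked_fmt(msg, dflt), "/etc/motd", 2);
    if (cat != (nl_catd)-1) catclose(cat);
    return 0;
}
```

The check is deliberately strict: a translation that reorders arguments or swaps %d for %i is rejected along with a hostile one, and the program prints the built-in message instead.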