This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On 11 Mar 2015 02:39, Carlos O'Donell wrote: > On 03/11/2015 02:01 AM, Daiki Ueno wrote: > > It is surprising that there are no checks of lengths/offsets read from > > MO files. Currently, I'm thinking of the attached patch (to gettext), > > which is a bit complicated. If anyone could suggest a cleaner approach, > > I'd appreciate it. > > Why does it surprise you? > > The MO files are writable only by root, so it's not a security issue > because if you could write to them you'd be root, and you'd have > full access to the system anyway. > > The other alternative is that the filesystem is corrupted and loading > the MO file crashes your application. This is expected since the > filesystem is corrupted. You are suggesting we add some rather complex > checking for the possibly low probability case of a corrupted > filesystem. If the filesystem is corrupted other things will be failing > and you need to fix the corruption. > > What strong technical reasons do you have for propsing these additional > checks? i thought you could control things via $TEXTDOMAIN/$TEXTDOMAINDIR, but it looks like just `bash` and `gettext` respect those ? so if you have a shell script that either directly supports translated messages (e.g. bash's $"..."), or indirectly (e.g. manually calling `gettext`), and it doesn't lock down the TEXTDOMAINDIR envvar properly, you could get them to load untrusted data and crash due to the omitted range checks in glibc ? i'm not really familiar with how much gettext relies on glibc though or if it just entirely uses its own copy of code. using Debian's code search [1], it looks like git provides GIT_TEXTDOMAINDIR to override the default TEXTDOMAINDIR. i stopped at page ~6 ;). -mike [1] http://codesearch.debian.net/perpackage-results/TEXTDOMAINDIR/
Attachment:
signature.asc
Description: Digital signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |